The Torrent that almost wasn't

I've been on the tubes for awhile, and have been using BitTorrent for the last few years. It's a great way to share large files and is a very clever technology. If you want a particular file or files, instead of downloading from one source and being limited by the bandwidth available from the server, or having to share bandwidth with other downloaders, or just having to deal with the fact all the eggs (files) are being stored in one basket (one download site) essentially which can lead to alot of broken eggs...

What if all data was available everywhere at the same time, and you were only limited by *your* download connection speed, maximizing the upload speed of everyone you are connected to?

Essentially you have bittorent, a protocol that will download a large (or small) file in pieces, getting each piece from a "peer" which is offering it up. So you download a piece (somewhere between 500k and 2MB usually) from one person, and all the others from other sources, all the while maximizing bandwidth speeds of each peer, and the availability of "pieces", figuring in latency, etc....

So all of this prelude leads to describing my first attempt at sharing or "seeding" a file (love that term BTW). A coworker (shout out to Dave Parillo!) had an old DVD released by InGuardians (formerly IntelGuardians - but they had to give that up on account of Intel Inc.) called "Red Pill / Blue Pill". It was a dual-sided DVD with one side being a bootable distro for attack purposes (Red Pill) and the other defense (Blue Pill). Anyway, with the permission of Ed Skoudis, I copied the CDs and thought I'd share it with the community, since it wasn't really available anywhere else on the tubes.

So creating a torrent was a little more involved than I thought (just a little). Basically you need the files you want to share, a bittorrent client and a list of trackers - which are sites that help a downloader find someone who has what they need. You create the torrent in the client, providing the file locations and the tracker sites you want to use, it creates the torrent file which you can then post on a bittorrent site or just email and share with someone. Originally I used the Transmission client, which is included with Ubuntu, and it's been faithful to my needs for a few years now.... However, when it came to seeding... well, uh... total fail I guess. Of course I initially thought it was something I did, but people were saying they were connected but were not downloading. That 'n00bish' feeling was starting to sink in... But I had all of my ducks in a row, even tried DMZ'ing my IP address to avoid any possible firewall/NAT issues... still nothing... Visions of me at the post office mailing copies of said DVD to hungry InfoSec dudes were starting to float about...

Not giving up yet, I recreated the torrent with a few more trackers (which I stole at random from some torrent on btjunkie.org) and this time used KTorrent to create the torrent and seed it. Well, much better luck! s I write this, I have uploaded to peers as far as the great "down under" Australia... about 27.1GB of data.... that's right GIGABytes... in about a 24 hour period. A Gigabyte per hour, 16MB per minute...

Hmm, I'm also sure as of this writing that I am officially on Verizon's list of "BitTorrent Extraordinaires".

Fear not, I'm quite sure that my miniscule download traffic pales in comparison to the most esoteric of p0rn crossing Verizon's routers in drovfes, so I do not feel bad.... nope... not for what I pay per month ;-)

Movie

I queued up the movie "The Yes Men Fix the World" on Netflix and recently had a chance to watch it. Very interesting. I guess if you look for an "info security" slant to the world, then you are bound to find it in some shape or form. I don't believe the term 'social engineering' was used, and I wasn't expecting it, but it was definitely in full effect here...

http://en.wikipedia.org/wiki/The_Yes_Men

Basically two guys have been "pwning" various news (BBC?) and other organizations while pretending to be officials from these large companies. They hold press conferences or meetings, announcing changes to their previous policies on certain issues, and apologizing for their previous stance. They succeed in a very big and sometimes hilarious way. The lesson here is that we are often programmed to be distrustful of unsolicited emails, phone calls and letters, but yet news programs we trust are desperate for a breaking story, and don't fully verify their sources, then bad things can happen. Use your imagination here.

In the case of the movie however, the Yes Men are doing good... in a way. While embarrassing them and dropping jaws on live TV, by drawing attention to the issues, they are successfully able to get some of the orgs to change their public policy by drawing attention to it! Brilliant!

The reason you may not hear much about these events is obvious. What type of organization or news source would openly admit to being tricked in this way and come clean? Thus, news of the event even happening never reaches the public...

Good reading...

I came across a neat site that rates magazine articles in order of their popularity:

http://www.kk.org/cooltools/the-best-magazi.php

Here's a couple of them that pertain to "internet" technology that may be on the long side, but I think are worth reading:

Laying of Underground cables in the sea:
http://www.wired.com/wired/archive/4.12/ffglass.html

Phone "phreaking":
http://www.lospadres.info/thorg/lbb.html
I was amazed that such underground knowledge was being covered in such detail in a magazine like Esquire in 1971. Even today I'm not sure many people know what phone phreaking is or how it worked.

First post

After having returned from a wonderful vacation, I decided I would go ahead and do what I've been wanting to for awhile - start a blog. It will be a chance to exercise my writing muscle, share interesting thoughts on technology, security and daily life, without having to use Facebook ;-) Hope you find it to your liking.