September 3rd, 2007

#!/bin/sh


#  IPTABLES  FIREWALL This configuration script is adapted
#  from the following source script:
#  www.tldp.org/HOWTO/IP-Masquerade-HOWTO/stronger-firewall-examples.html
#  It was simplified to coincide with the configuration of
#  the sample system presented in the Guides section of
#  www.aboutdebian.com
#
# It has been modified to allow transparent proxying and web filtering with
# SQUID and DANSGUARDIAN
#
#  This script is presented as an example for testing ONLY
#  and should not be used on a production firewall server.
#
#    PLEASE SET THE USER VARIABLES
#    IN SECTIONS A AND B OR C


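# Start-up banner.  printf is used instead of "echo -e" because the script
# runs under /bin/sh, where "echo -e" is not portable.
printf '\n\nSETTING UP IPTABLES FIREWALL...\n'

# === SECTION A
# -----------   FOR EVERYONE


# SET THE INTERFACE DESIGNATION AND ADDRESS AND NETWORK ADDRESS
# FOR THE NIC CONNECTED TO YOUR _INTERNAL_ NETWORK
#   The default value below is for "eth0".  This value
#   could also be "eth1" if you have TWO NICs in your system.
#   You can use the ifconfig command to list the interfaces
#   on your system.  The internal interface will likely
#   have an address that is in one of the private IP address
#   ranges.
#       Note that this is an interface DESIGNATION - not
#       the IP address of the interface.


# Enter the designation for the Internal Interface
# (plain ASCII double quotes are required; typographic quotes copied from a
# web page become part of the value and break every rule that uses it)
INTIF="eth0"


# Enter the NETWORK address the Internal Interface is on
INTNET="192.168.1.0/24"


# Enter the IP address of the Internal Interface
#   NOTE: with the /24 suffix, iptables treats this value as the whole
#   192.168.1.0/24 network in any -s/-d match, not as the single host.
INTIP="192.168.1.50/24"


# SET THE INTERFACE DESIGNATION FOR YOUR "EXTERNAL" (INTERNET) CONNECTION
#   The default value below is "eth1".  Use "ppp0" for a MODEM
#   connection.
#   If you have two NICs in your system set this value
#   to "eth0" or "eth1" (whichever is opposite of the value
#   set for INTIF above).  This would be the NIC connected
#   to your cable or DSL modem (WITHOUT a cable/DSL router).
#       Note that this is an interface DESIGNATION - not
#       the IP address of the interface.
#   Enter the external interface's designation for the
#   EXTIF variable:


EXTIF="eth1"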


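# ! ! ! ! !  Use ONLY Section B  *OR*  Section C depending on
#  ! ! ! !   the type of Internet connection you have.
# ! ! ! ! !  Uncomment ONLY ONE of the EXTIP statements.


# === SECTION B
# -----------   FOR THOSE WITH STATIC PUBLIC IP ADDRESSES


   # SET YOUR EXTERNAL IP ADDRESS
   #   If you specified a NIC (i.e. "eth0" or "eth1") for
   #   the external interface (EXTIF) variable above,
   #   AND if that external NIC is configured with a
   #   static, public IP address (assigned by your ISP),
   #   UNCOMMENT the following EXTIP line and enter the
   #   IP address for the EXTIP variable:


#EXTIP="your.static.IP.address"


# === SECTION C
# ----------   DIAL-UP MODEM, AND RESIDENTIAL CABLE-MODEM/DSL (Dynamic IP) USERS


# SET YOUR EXTERNAL INTERFACE FOR DYNAMIC IP ADDRESSING
#   If you get your IP address dynamically from SLIP, PPP,
#   BOOTP, or DHCP, UNCOMMENT the command below.
#   (No values have to be entered.)
#         Note that if you are uncommenting these lines then
#         the EXTIP line in Section B must be commented out.
#
#   The address is read from the interface named in EXTIF rather than a
#   hard-coded "eth1", so changing EXTIF above is enough.
#   The grep pattern depends on ifconfig printing "inet addr:<ip>"; if your
#   ifconfig prints a different format, EXTIP comes back empty.


EXTIP="$(/sbin/ifconfig "$EXTIF" | grep 'inet addr' | awk '{print $2}' | sed -e 's/.*://')"


# Stop here if no external address was found.  With an empty EXTIP every
# rule that uses "-d $EXTIP" or "--to $EXTIP" would be malformed, leaving a
# half-loaded rule set.  Nothing has been flushed or changed at this point.
if [ -z "$EXTIP" ]; then
   echo "ERROR: could not determine the IP address of $EXTIF; firewall rules NOT loaded." >&2
   exit 1
fi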


# ——–  No more variable setting beyond this point  ——–


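# Load the netfilter modules needed for stateful filtering and NAT,
# including the FTP and IRC connection-tracking/NAT helpers.
echo "Loading required stateful/NAT kernel modules..."
/sbin/depmod -a
for module in ip_tables ip_conntrack ip_conntrack_ftp ip_conntrack_irc \
              iptable_nat ip_nat_ftp ip_nat_irc; do
   /sbin/modprobe "$module"
done


# NOTE(review): forwarding is switched on here, before the DROP policies
# further down are installed, so for a moment packets are forwarded under
# whatever rule set was loaded previously.  Consider moving these two
# writes to the end of the script.
echo "    Enabling IP forwarding..."
echo "1" > /proc/sys/net/ipv4/ip_forward
# ip_dynaddr is only useful when the external address is dynamic (Section C).
echo "1" > /proc/sys/net/ipv4/ip_dynaddr
echo "    External interface: $EXTIF"
echo "       External interface IP address is: $EXTIP"
echo "    Loading firewall server rules..."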


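# Shorthand for "any address".
UNIVERSE="0.0.0.0/0"


# Set the default policy to DROP and clear any existing rules.
# The policy is set BEFORE the flush so there is no moment in which a
# chain is empty with an ACCEPT policy.
iptables -P INPUT DROP
iptables -F INPUT
iptables -P OUTPUT DROP
iptables -F OUTPUT
iptables -P FORWARD DROP
iptables -F FORWARD
iptables -F -t nat


# Flush the user chain.. if it exists
# (asks iptables for that exact chain instead of grepping the full listing;
#  -n avoids DNS lookups, which would stall now that OUTPUT is DROP)
if iptables -n -L drop-and-log-it >/dev/null 2>&1; then
   iptables -F drop-and-log-it
fi


# Delete all User-specified chains
iptables -X


# Reset all IPTABLES counters
iptables -Z


# Creating a DROP chain: log the packet, then reject it.
# NOTE: no active rule in this script jumps to this chain; the
# drop-and-log-it lines are all commented out in favour of plain DROP.
# If you enable them, consider rate-limiting the LOG rule (limit match)
# so that a packet flood cannot fill the system log.
iptables -N drop-and-log-it
iptables -A drop-and-log-it -j LOG --log-level info
iptables -A drop-and-log-it -j REJECT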


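echo "     - Loading INPUT rulesets"


############
# INPUT: Incoming traffic from various interfaces.  All rulesets are
#        already flushed and set to a default policy of DROP.
#
# loopback interfaces are valid.
iptables -A INPUT -i lo -s "$UNIVERSE" -d "$UNIVERSE" -j ACCEPT


# local interface, local machines, going anywhere is valid
iptables -A INPUT -i "$INTIF" -s "$INTNET" -d "$UNIVERSE" -j ACCEPT


# remote interface, claiming to be local machines, IP spoofing, get lost
# (use the drop-and-log-it line instead of DROP to have these logged)
# iptables -A INPUT -i "$EXTIF" -s "$INTNET" -d "$UNIVERSE" -j drop-and-log-it
iptables -A INPUT -i "$EXTIF" -s "$INTNET" -d "$UNIVERSE" -j DROP


# remote interface, any source, going to the external address.
# DISABLED: this rule accepts EVERY new connection from the Internet to the
# firewall's own external address.  That makes the ESTABLISHED,RELATED rule
# and the optional port-80 rule below redundant, and exposes any service
# listening on the external address (possibly including the filter's own
# proxy port).  Leave it commented out and open individual ports instead.
# iptables -A INPUT -i "$EXTIF" -s "$UNIVERSE" -d "$EXTIP" -j ACCEPT


# Allow any related traffic coming back to the MASQ server in
iptables -A INPUT -i "$EXTIF" -s "$UNIVERSE" -d "$EXTIP" -m state --state ESTABLISHED,RELATED -j ACCEPT


#  OPTIONAL:  Uncomment the following two commands if you plan on running
#             an Apache Web site on the firewall server itself
#
#echo "      - Allowing EXTERNAL access to the WWW server"
#iptables -A INPUT -i "$EXTIF" -m state --state NEW,ESTABLISHED,RELATED -p tcp -s "$UNIVERSE" -d "$EXTIP" --dport 80 -j ACCEPT


# Catch all rule, all other incoming is denied.
# (silently, unless the drop-and-log-it line is used instead of DROP)
# iptables -A INPUT -s "$UNIVERSE" -d "$UNIVERSE" -j drop-and-log-it
iptables -A INPUT -s "$UNIVERSE" -d "$UNIVERSE" -j DROP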


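echo "     - Loading OUTPUT rulesets"


############
# OUTPUT: Outgoing traffic from various interfaces.  All rulesets are
#         already flushed and set to a default policy of DROP.
#


# loopback interface is valid.
iptables -A OUTPUT -o lo -s "$UNIVERSE" -d "$UNIVERSE" -j ACCEPT


# internal interface, source is the firewall's external address,
# going to local net is valid
iptables -A OUTPUT -o "$INTIF" -s "$EXTIP" -d "$INTNET" -j ACCEPT


# internal interface, source is the firewall's internal address,
# going to local net is valid
#   NOTE: if INTIP carries a netmask suffix (e.g. /24), iptables matches the
#   whole network here, not only the firewall's own address.
iptables -A OUTPUT -o "$INTIF" -s "$INTIP" -d "$INTNET" -j ACCEPT


# outgoing to local net on remote interface, stuffed routing, deny
# (use the drop-and-log-it line instead of DROP to have these logged)
# iptables -A OUTPUT -o "$EXTIF" -s "$UNIVERSE" -d "$INTNET" -j drop-and-log-it
iptables -A OUTPUT -o "$EXTIF" -s "$UNIVERSE" -d "$INTNET" -j DROP
# anything else outgoing on remote interface is valid
iptables -A OUTPUT -o "$EXTIF" -s "$EXTIP" -d "$UNIVERSE" -j ACCEPT


# Catch all rule, all other outgoing is denied.
# (silently, unless the drop-and-log-it line is used instead of DROP)
# iptables -A OUTPUT -s "$UNIVERSE" -d "$UNIVERSE" -j drop-and-log-it
iptables -A OUTPUT -s "$UNIVERSE" -d "$UNIVERSE" -j DROP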


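echo "     - Loading FORWARD rulesets"


##########
# FORWARD: Enable Forwarding and thus IPMASQ
#          Allow all connections OUT and only existing/related IN
#
# NOTE: only TCP port 80 is redirected to the content filter (see the
# DANSGUARDIAN rule below).  Everything else from the internal network,
# including HTTPS and HTTP on other ports, is forwarded by the second rule
# here without passing through the filter.


iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A FORWARD -i "$INTIF" -o "$EXTIF" -j ACCEPT


# Allow forwarding of incoming Port 80 traffic to DMZ Web server: replace
# <x.x.x.x> with the IP-ADDRESS-OF-DMZ-WEBSERVER and uncomment
# iptables -A FORWARD -i "$EXTIF" -o "$INTIF" -d <x.x.x.x> -p tcp --dport 80 -j ACCEPT


# Catch all rule, all other forwarding is denied.
# (silently, unless the drop-and-log-it line is used instead of DROP)
# iptables -A FORWARD -j drop-and-log-it
iptables -A FORWARD -j DROP


# Enable SNAT functionality on $EXTIF
#   NOTE: SNAT pins the address that EXTIP held when this script ran.  On a
#   dynamic connection (Section C) the rule goes stale when the address
#   changes; re-run the script on address change or use the MASQUERADE
#   target instead.
iptables -t nat -A POSTROUTING -o "$EXTIF" -j SNAT --to-source "$EXTIP"


# Enable DNAT port translation to DMZ Web server: replace
# <x.x.x.x> with the IP-ADDRESS-OF-DMZ-WEBSERVER
# iptables -t nat -A PREROUTING -i "$EXTIF" -d "$EXTIP" -p tcp --dport 80 -j DNAT --to-destination <x.x.x.x>


#DANSGUARDIAN
# Transparently redirect web traffic arriving on the INTERNAL interface to
# the content filter listening on port 8080.  Uses $INTIF rather than a
# hard-coded "eth0" so it follows the setting in Section A.
iptables -t nat -I PREROUTING 1 -i "$INTIF" -p tcp --dport 80 -j REDIRECT --to-ports 8080


### DANSGUARDIAN prevent from bypassing filter
# Only the local host (127.0.0.1) may talk to the proxy on port 3128.  The
# rule is inserted at the top of INPUT so it is evaluated before the ACCEPT
# rules.  The "!" is written before -s, the form current iptables expects.
iptables -I INPUT -p tcp -m tcp ! -s 127.0.0.1 --dport 3128 -j DROP


printf '    Firewall server rule loading complete\n\n\n'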


AT&T wants to filter the Internet

August 6th, 2007

AT&T is planning to work with entertainment executives in hope of developing a method to filter pirated downloaded content including movies, TV shows, songs, music, videos and more. Right now there are two primary methods for determining what is being transmitted: content inspection and traffic analysis.

Content inspection requires the filtering organization to open and inspect all content passing through its network, thus eavesdropping on all web surfing. This is a problematic idea for civil liberties pundits.

The other method, traffic analysis, looks at the source technology used to generate the traffic and would lead to blocking all content from the originating source technology even legitimate content.

Both methods are flawed and in either case the filter could be subverted by simply encrypting content before transmitting it.

Source: CNN


Web Filtering Adoption Being Driven By Social Networking Take Up Says Email Systems Recent Bans Highlight Dangers of Unfiltered Web Access

August 6th, 2007

Indeed CTOs and IT administrators are increasingly choosing to specifically block access to Facebook, alongside the other chief time-sapping websites — hotmail and gmail.

Additionally, Email Systems has identified a trend for blocking viral video sites, such as YouTube, with over 53% of its customers choosing to block this site during work hours and 64% of customers blocking streaming and download video content from its users.

With several city firms — including Credit Suisse and Dresdner Kleinwort - having announced a ban on the site earlier this week and many of Email Systems new web filtering customers citing Facebook explicitly as one of the key catalysts for adopting web filtering, the issue is fast becoming a top concern.

The latest internet phenomenon, social networking websites offer an interactive network of photos, user profiles, email and chatrooms.

Unlike MySpace, Bebo, Faceparty, YouTube and most other mainstream social networking websites, Facebook is currently favoured amongst young professionals and consequently take-up of the service within the corporate environment has been extremely swift, with many companies creating their own groups on the site.

Full Article: PR Leap


Facebook banned by eight out of ten firms with filters

August 6th, 2007

Eight out of ten companies with web-filtering software have banned Facebook and other social-networking sites, according to web security firm Email Systems.

Facebook has seen a meteoric rise in popularity over the past couple of months, with London now the most popular network on the site.

Full Story: PCPro


US Government Wants to Filter Cellphone and Internet Content

August 3rd, 2007

Yesterday the Senate Commerce Committee approved new legislation which could see the content blocking chip finding its way into any device used to view programming, including cellphones and “The Internet”, despite the fact that indecency laws don’t apply to the web (yet).

Arkansas Senator Mark Pryor thinks that the government needs to further invade on parents’ territory and help them to protect the children.

“It’s an uphill battle for parents trying to protect their kids from viewing inappropriate programming” Pryor told the Hollywood Reporter.


How to protect hyper-connected kids

August 2nd, 2007

Stephen Balkam

Picture this: Fifteen-year-old Lucy comes home from school, takes out her laptop, turns on her iPod, flicks on the TV and starts checking e-mail. While reading e-mail from mom, Lucy’s cell phone rings. Simultaneously, tiny musical popup windows on her laptop alert her to new instant messages. Once done checking with friends via cell and IM, Lucy checks MySpace and Facebook and the 12 comments added to her profile since that morning.

When she looks up at the news, she’s disgusted by the images of murdered bodies and turns on the TiVo to watch a recorded “Saved by the Bell” episode. That reminds her of her geography assignment due tomorrow, so she goes to her high school’s Web site. Just then, her phone buzzes, alerting her to an incoming text.

This scene is playing out in homes all over America. It is creating a new awareness of what’s possible in an utterly networked world, and it is creating a digital immersion that many parents and other older observers fear will submerge their kids in shallow, trivial and, at times, dangerous behavior.

How can we protect our hyper-connected children?

Parents can begin by knowing the devices and applications kids crave. Cell phones have become mobile production studios and are the essential mode of communication, publishing, broadcasting and accessing a range of Web sites and services. But kids, particularly at the college level, are also increasingly becoming avid users of notebook personal computers, MP3 players, video game systems and a host of other electronic devices designed to keep them connected.

And what college kids have now, middle schoolers will be demanding for the holidays. The marketing, peer pressure and sheer “must have-itness” is creating a younger and younger demand to be a part of this immersive world, and kids often access these technologies away from parental oversight or comprehension.

So what can be done? Parents feel deeply conflicted. They rightly sense that their children will inherit a digital future, and the more they use, communicate and explore this connected world, the better their chances of getting a good education and a bright career. But parents are also aware of the potential dangers of this “always-on” universe.

Parents have the wisdom and discernment to know what constitutes a dangerous situation or harmful content. This older generation will need to make time to fully enter the younger generation’s world, become familiar with the tools that can help to protect kids from pornography, predators and the darker side of human nature, while creating the ground rules for safe, fun and enlightening digital experiences.

From the parental controls built into Windows Vista and the Safe Search feature in Google to family friendly ISPs, there are many free and easy-to-use filtering tools available to protect children from the worst on the Web. Similarly, excellent guidelines and family contracts for safe online use can be downloaded and adapted to any parent’s needs.

This new hyper-connected world challenges us to have “The Conversation” — the one where we set boundaries and hear about our kids’ online experiences — on a regular basis. Like the bestselling book on parenting advises, we need to talk so kids will listen and listen so kids will talk. It’s not always going to be easy. Just ask Lucy.

Stephen Balkam is chief executive of the Family Online Safety Institute in Washington, D.C. E-mail: letters@detnews.com.


Cyber-Vigilantes Shine Spotlight on Blogging Pedophile

August 2nd, 2007

By Stephen T. Watson
Buffalo News
08/01/07 9:48 AM PT

Seattle resident and self-described pedophile Jack McClellan caused outrage over a Web site he created for the purpose of directing men to places to meet children and displaying photos of young boys and girls on the site. While many may view McClellan’s material as offensive, authorities maintain that he has not broken the law. Several cyber-vigilantes are creating Web sites to combat McClellan’s efforts.

Ron Tebo was watching Fox News Channel recently when he saw an interview with Jack McClellan, a self-described pedophile from the Seattle area.

McClellan was defending his Web site that guided other men to the best spots to meet young children and included photos he’d taken of boys and girls in public spaces.

“I was immediately disgusted over it, and I knew something constructive needed to be done about it,” said Tebo, a West Seneca resident who works as a webmaster for the Professional Bartending Schools of America.

Grabbing National Attention

Tebo decided to try to stop McClellan by turning the Internet against him.

He set up his own Web site, www.jackmcclellan.com, which calls McClellan “a ticking pedophilia time bomb,” carries warnings aimed at parents, and urges readers to write whenever they spot McClellan.

Tebo’s anti-McClellan site has gotten national media attention, including a live interview Monday on CBS’ “The Early Show.”

“Thank you for this site, and thank you and God bless you for trying to help the communities of the world look out for sick people like this,” wrote one visitor from Apple Valley, Calif.

Cyber-Vigilantes Unite

Tebo has a personal reason for going after McClellan. He said he was abused by a neighbor when he was 6.

Tebo is one of a growing number of Internet users who are targeting pedophiles online.

While disturbing language on the Web can enjoy constitutional protections, cyber-vigilantes are using high-tech methods to make life uncomfortable for people who covet children.

“There are a lot of well-meaning and frustrated people out there who want to take things into their own hands,” said Parry Aftab, executive director of WiredSafety.org, a nonprofit organization that seeks to keep children safe online.

Blogging on a Thin Line

This raises ethical and legal questions on both sides, and illustrates the fundamentally unmanageable nature of the Web.

McClellan was relatively unknown until earlier this year, when a Seattle-area newspaper did a story on him that later was picked up by Fox News.

McClellan has said publicly he doesn’t think there’s anything wrong with adult men showing affection toward children as young as 3. He said he’s never sexually abused a child.

“I term it more of an erotic appeal with female, prepubescent children,” McClellan told The News in an interview Monday from Los Angeles, where he is living in his car. “It’s the whole package of these girls. Their playfulness. Their anarchy. Their irreverence.”

His Web site served as a how-to guide for fellow pedophiles in Washington State. He rated the best places where they could find children — municipal swimming pools, school recitals and other public places.

McClellan also posted photos of kids he’d taken at the venues.

He’s not a convicted sex offender, so he isn’t barred from places where children gather; police in the area said nothing on his site was illegal.

McClellan Still Determined

Watching the Fox News segment in April, Tebo was upset that McClellan was able to peddle his ideology online, so he registered the domain name for his anti-McClellan Web site.

“My intention was to take the traffic from that pedo site and divert it,” said Tebo, who has a Web site, iPranked.com, that collects prank and blooper videos and was the subject of a Buffalo News article in May.

“Parents are writing me, ‘Thank God, thank God, thank God for your site. I didn’t know about this man,’” Tebo said.

McClellan’s Internet service provider took down his original site, but he doesn’t shy away from publicity, and he’s found other forums for his views.

The attention forced him to move from Washington State to Los Angeles, but he continues to spend time around children and he hopes to start up his blog again.

“I feel maybe I have an opportunity to educate people,” McClellan said. He added that he’s seen Tebo’s site and wonders why someone in New York has taken an interest in him.

Web Site Angers Father

Tebo is a father of 10-year-old twin boys, but he has another reason for launching the site.

Tebo said he was abused by a neighbor when he was 6 years old and living with his family in the Town of Boston.

He and a younger family member were abused over the period of a year, until they moved, he said.

He never told anyone about the abuse at the time because he felt ashamed that it happened and guilty that he wasn’t able to protect the family member.

However, he wants to make sure McClellan and people like him don’t get the chance to do that to any other children.

“It’s difficult. I think that motivates me in the back of my mind,” Tebo said.

Offensive but Not Illegal

Law enforcement officials are limited in what they can do, because unless the site contains pornographic images, it’s usually protected speech, said Paul M. Moskal, a spokesperson for the FBI in Buffalo, N.Y.

“The public doesn’t want the FBI abridging people’s First Amendment rights. No matter how offensive someone’s point of view may be, that doesn’t necessarily make it illegal. And it’s not up to the FBI to make that judgment,” Moskal said.

The inability of police and prosecutors to take action is frustrating to Aftab, Tebo and others who worry about kids’ safety.

Though Moskal said police agencies are “very leery” of citizens intervening in potential law enforcement matters, frustration is driving Tebo and others to act on their own.

In some cases, Web watchdogs have hacked into pedophiles’ Web sites, stolen their identities, or conducted scams that target pedophiles, Aftab noted.

Fighting Speech With Speech

Civil liberties advocates say they find McClellan’s comments offensive, but they have some concerns about these tactics.

“It underscores that the only response we have to the most disturbing speech is more speech,” said John A. Curr III, who heads the regional office of the New York Civil Liberties Union.

That said, Curr added, when the comments on a Web site shift from advocacy to stirring someone to physically act against a pedophile, that’s when it could cross a legal line.

Tebo said he’s been contacted by numerous media organizations since Monday’s “Early Show,” including producers for Larry King and Paula Zahn.

He said he does plan to keep up the Web site as long as necessary. He’s also taken out a second site in a pedophile’s name, www.lindsayashford.net.

He’s setting up another site, pedoscum.com, that would have a broader reach.

“We want to put pedophiles on notice. We want to put child abusers on notice,” Tebo said.

© 2007 Buffalo News. All rights reserved.
© 2007 ECT News Network. All rights reserved.


Protecting Your Kids: Tools for Thwarting Online Predators

August 2nd, 2007

By Pam Baker
TechNewsWorld
Part of the ECT News Network
07/31/07 4:00 AM PT

“Parents should use URL filtering software to control their children’s Web surfing. These solutions allow parents to block Web sites that are inappropriate for children,” Lawrence Orans, research director at Gartner, told TechNewsWorld. “Most of them work by assigning Web sites into categories, such as sports, pornography, gambling, shopping, etc.”

The Internet is the greatest educational tool since the advent of books, but it is also a sinister playground for prowling predators searching for young prey.

It is particularly unnerving to think that these predators can enter a living room undeterred by locks or alarms, and unseen by parents or the family dog.

“The anonymity of the Internet plays a very significant role in enabling child molesters to cruise the Web for potential victims without much fear of being caught,” Karl Garrison, CTO and one of three owners of Intelligent Fusion, a consultant group for the federal government on data and information management, told TechNewsWorld.

Tough to Measure

The actual scope of the problem is difficult to measure since no one knows how many predators succeed and get away with it. However, the Cyber Tip Line — created in 1998 by an act of Congress — receives 503,000 reports annually.

“A year or two ago, the Cyber Tip Line got an average of 50 reports a week of online enticement of children for sexual acts. Now they get an average of 250 a week,” John Shehan, deputy director of the exploited child division at the National Center for Missing & Exploited Children, told TechNewsWorld.

The increase is due in part to social networking and chat rooms, which give predators additional opportunities, says Shehan.

The problem is often compounded by parental ignorance of the various technologies children use, and the tools available to stop cyber-attacks.

Tools for Parents

“There is a huge divide between parents’ understanding of the technologies involved versus their children’s,” adds Shehan.

To bridge the divide and arm parents, the National Center for Missing & Exploited Children launched NetSmartz.org last February. The site has a list of frequently asked questions on the opening page and a tab for the library containing information ranging from explaining a browser to providing step-by-step instructions for monitoring teen cell phone calls. The site is easy to navigate, even for parents with little online experience.

Another feature on the Web site, “Ask An Expert,” puts parents in touch with the same experts who work on the Cyber Tip Line.

“If parents don’t find an answer to their question on the site, they can email an expert who will answer within 24 hours. Afterwards, this information is added to the site, as are any new findings the Cyber Tip Line experts generate in the course of their regular duties, so that the Web site is constantly updated with the latest information,” Shehan notes.

Phone Service Coming

The center is launching a phone service next month for parents who want to speak directly to an expert, Shehan says. Qwest Communications (NYSE: Q) is funding the phone service, but a phone number hasn’t been assigned yet. Once that is available, the center plans to launch a large campaign to get the number out to the public. The number will also be posted on the Web site.

Internet search companies and ISPs (Internet service providers) such as Google (Nasdaq: GOOG) are also doing their part to stop predators from attacking children.

“Our approach to protecting children on the Internet has three primary elements: 1) powerful tools to empower families to control their activity online; 2) cooperation with law enforcement and industry partners to stop illegal content and activity online; and 3) educational efforts to increase awareness about online safety,” Victoria Grand, spokesperson for search giant Google, told TechNewsWorld.

Blog Control

Google developed SafeSearch, a filter that uses advanced technology to block pornographic and explicit content from search results, and a parental content administration feature which enables parents to view, edit or delete a child’s blog.

“If a parent wishes to delete a minor child’s blog, they can identify the child’s blog and provide proof (such as a birth certificate) that he or she is the parent/legal guardian of the minor child, and we will delete the blog for them,” explained Grand.

Such tools are hailed by parents and experts alike as the first line of defense against online predators.

“Parents should use URL filtering software (Web filtering) to control their children’s Web surfing. These solutions allow parents to block Web sites that are inappropriate for children,” Lawrence Orans, research director at Gartner (NYSE: IT), told TechNewsWorld. “Most of them work by assigning Web sites into categories, such as sports, pornography, gambling, shopping, etc. Parents can select which categories they want to block and which ones they wish to allow.”
Some Examples

Net Nanny, Cybersitter, PC eGuardian and Blue Coat’s K9 are examples of these solutions, Orans says.

“Some of these offerings also log instant message communications and chat room discussions,” he adds.

Detractors, however, fear that these applications may be turned against adults for malicious purposes.

“These programs must be installed on the home computer. They are used by parents, not by stalkers,” says Orans. But perhaps that means that such vulnerability depends on who has access to your computer onsite without your knowledge.
Privacy an Issue

Even so, critics say such programs constitute censorship and a serious threat to a child’s privacy.

“Like terrorism, child molestation conjures up such powerful emotions that many Americans will gladly sacrifice their civil liberties to thwart even a remote chance of an attack,” says Garrison. “However, I’m not sure the right question is children’s privacy versus thwarting predators but, rather, where the responsibility lies in ensuring our children are safe from predators.”

Countries outside the U.S. are struggling with many of the same issues and have taken innovative steps to thwart predators.

“In some places, like Korea, large game Web sites use national IDs to authenticate all users so they have some level of accountability,” says Garrison. “While very difficult to do in America — more for cultural reasons than technical reasons — a large trusted network would go a tremendously long way towards providing a safe environment for kids, teens, and adults to work and play.”

Efforts Continue

In any case, efforts to protect children online will continue to get more sophisticated for the single most basic of reasons.

“I have no problem with my kids chatting with other teenagers, but I hate the idea that they may be chatting with older guys posing as teenagers,” concludes Garrison.


Filtering Software Makes YouTube Copyright Cop

August 2nd, 2007

By Fred J. Aun
E-Commerce Times
07/30/07 11:17 AM PT

YouTube plans to use video fingerprinting software to identify postings that might be protected by copyright. The video-sharing Web site is the target of a federal copyright-infringement lawsuit, and its lawyer mentioned the new filtering method in a hearing on the case. It’s not likely to work as promised, however, according to J. Gold Associates Principal Analyst Jack Gold.

Google (Nasdaq: GOOG) and YouTube are planning to unveil copyright protection technology that goes above and beyond what some observers think is even possible.

A Google lawyer told a judge that Google is creating a database of video “fingerprints” and a system that will match them against uploaded clips to screen out those that appear to be copyrighted, according to media reports.

In their answer three months ago to Viacom’s (NYSE: VIAb) big copyright-infringement lawsuit, YouTube and Google said the complaint “threatens the way hundreds of millions of people legitimately exchange information, news, entertainment, and political and artistic expression.”
Working by September

YouTube and Google “respect the importance of intellectual property rights” and “go well above and beyond what the law requires” to protect those rights, the companies said.

The plan is for the new system to be up and running sometime this fall, said the reports. Google’s lawyer referred questions to a company spokesperson, who did not immediately return a call for comment.

If the system is developed, it will go well beyond YouTube’s current copyright-protection efforts, which basically consist of taking down copyright-infringing clips it discovers or is told about.
We Warned You

“We take copyright issues very seriously,” says the YouTube site. “We prohibit users from uploading infringing material and we cooperate with copyright holders to identify and promptly remove infringing content.”

Users of the site are strongly warned not to upload anything that isn’t their own creation or for which they have permission to distribute.

“The way to ensure that your video doesn’t infringe someone else’s copyright is to use your skills and imagination to create something completely original,” explains a “Copyright Tips” section of the YouTube site. “It could be as simple as taping some of your friends goofing around, and as complicated as filming your own short movie with a script, actors and the whole works. If it’s all yours, you never have to worry about the copyright — you own it!”
Easily Confused

As has been proven by hackers who circumvent most every form of digital rights management protection developed by the music and movie industries, Google can expect its system to come under quick attack.

Fingerprinting video clips seems to be an easily fooled method of protecting copyrights.

J. Gold Associates Principal Analyst Jack Gold questioned whether software will ever be able to satisfactorily filter video clips.

“While I think it is possible for Google/YouTube to create some sort of software that looks for particular signatures within video files, it is highly unlikely that they will be able to eliminate all forms of video on YouTube which is copyrighted,” Gold told the E-Commerce Times.
Just Too Complex

Such a program might work if the copyrighted clips were left completely untouched. However, it might not stand a chance against the ingenuity of savvy video uploaders determined to use YouTube to spread videos they don’t own, Gold said.

“It is an incredibly complex problem to identify video streams,” observed Gold. “All that is necessary is for a poster to change a few seconds of the video or move some frames around and the signature has suddenly changed and is now undetectable by the Google filters. I do not think we will reach a day where automated processes can ever eliminate copyrighted posting on the Internet. It’s just too hard to do and, with a little bit of smart hacking, too easy to defeat.”

Even if the software does work and it — or a judge’s order — manages to reduce YouTube to a vast collection of only silly home movies, Gold thinks Google was wise in acquiring the company.

“No, Google did not make a mistake buying YouTube, although they probably paid too much,” he said. “Google is after ‘eyes’ on browsers and YouTube has lots of views. That is how Google makes its money — pumping out directed ads at specific users and collecting information on surfing habits. YouTube brings them that big time.”


Installing SQUID on OpenBSD with MSN Messenger Blocked

August 1st, 2007

The Squid package can be found in the Packages directory of OpenBSD’s FTP/HTTP repositories. Several versions of the Squid package are available — choose the transparent build.

Installing an OpenBSD package is simple:

# pkg_add squidpackage.tgz

If there are any missing dependencies then the package manager will tell you; I didn’t have any problems with this one.

Now that Squid is installed we need to create a simple config. If you strip out all of the comments from the stock configuration file, you will see the non-default directives more clearly. You’ll want to use the following basic config:

# Basic squid.conf for an intercepting ("transparent") proxy that also blocks
# MSN Messenger's HTTP fallback. The httpd_accel_* directives near the end are
# Squid 2.5-series syntax; later Squid releases configure interception
# differently, so check the version the package installs.

# Listen on loopback only; clients reach this port through the pf rdr rule,
# not by connecting to the proxy directly.
http_port 127.0.0.1:3128
hierarchy_stoplist cgi-bin ?
# NOTE(review): the stock squid.conf writes this regex list as `cgi-bin \?`;
# the backslash appears to have been lost when the page was published. Confirm
# against the default file before using this line.
acl QUERY urlpath_regex cgi-bin ?
no_cache deny QUERY
cache_mem 64 MB
maximum_object_size_in_memory 32 KB
ipcache_size 2048
# On-disk cache: ufs store, 1024 MB, 16 first-level and 256 second-level dirs.
cache_dir ufs /var/squid/cache 1024 16 256
# Basic-auth tuning only. No ACL in this listing uses proxy authentication,
# so nothing here actually requires users to authenticate.
auth_param basic children 5
auth_param basic realm Squid proxy-caching web server
auth_param basic credentialsttl 2 hours
refresh_pattern ^ftp: 1440 20% 10080
refresh_pattern ^gopher: 1440 0% 1440
refresh_pattern . 0 20% 4320
# ACL definitions. These only name things; the http_access lines below decide.
acl all src 0.0.0.0/0.0.0.0
acl manager proto cache_object
acl localhost src 127.0.0.1/255.255.255.255
acl to_localhost dst 127.0.0.0/8
acl SSL_ports port 443 563
acl Safe_ports port 80 # http
acl Safe_ports port 21 # ftp
acl Safe_ports port 443 563 # https, snews
acl Safe_ports port 70 # gopher
acl Safe_ports port 210 # wais
acl Safe_ports port 1025-65535 # unregistered ports
acl Safe_ports port 280 # http-mgmt
acl Safe_ports port 488 # gss-http
acl Safe_ports port 591 # filemaker
acl Safe_ports port 777 # multiling http
acl CONNECT method CONNECT
# MSN Messenger over HTTP: matched by request Content-Type and by gateway URL.
acl msnmime req_mime_type ^application/x-msn-messenger$
# NOTE(review): the "." is an unescaped regex metacharacter, so this also
# matches any URL containing "gateway" + any character + "dll". Escaping the
# dot would narrow the match; verify no legitimate sites are caught.
acl msngw url_regex -i gateway.dll
# Access rules are evaluated top to bottom; the first matching line decides.
# The MSN denies come first so no later rule can let that traffic through.
http_access deny msnmime
http_access deny msngw
# Cache manager interface: reachable from localhost only.
http_access allow manager localhost
http_access deny manager
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports
http_access deny to_localhost
# NOTE(review): there is no explicit allow for the internal network and no
# closing `http_access deny all`. Squid's documented fallback when no line
# matches is the opposite of the last line, so here unmatched requests are
# allowed. Access is limited in practice by the loopback-only http_port and the
# pf redirect, but an explicit `http_access allow <internal-net-acl>` followed
# by `http_access deny all` makes the policy visible and fail-closed.
http_reply_access allow all
# NOTE(review): accepts ICP queries from any source. If this proxy has no
# cache peers, denying ICP is the safer setting; confirm before changing.
icp_access allow all
# Placeholder hostname; replace with the proxy's real name.
visible_hostname squid.mydomain.com
# Squid 2.5-style settings that let the proxy serve intercepted port-80
# requests, using the Host header to work out the origin server.
httpd_accel_host virtual
httpd_accel_port 80
httpd_accel_with_proxy on
httpd_accel_uses_host_header on
coredump_dir /var/squid/cache
In order to direct outgoing HTTP traffic via Squid, a few rules need to be added to /etc/pf.conf:
# NOTE(review): as published, every line in this listing starts with "#", and
# pf.conf treats such lines as comments, so pasting it unchanged loads no
# rules. The rdr/pass/block lines need their leading "# " removed to take
# effect; the descriptive lines stay as comments.
# $int_if and $ext_if are macros that must be defined elsewhere in pf.conf
# (not shown in this listing). In pf.conf of this era, translation (rdr) rules
# are expected to appear before filter (pass/block) rules -- confirm ordering
# against pf.conf(5) for your release.
# After loading, check the active ruleset to confirm the rules are present.
# rdr outgoing www requests to squid proxy
# rdr on $int_if proto tcp from any to any port www -> 127.0.0.1 port 3128
# pass incoming ports for squid proxy
# pass in on $int_if inet proto tcp from any to 127.0.0.1 port 3128 keep state
# pass out on $ext_if inet proto tcp from any to any port www keep state
# MSN tcp block
# block out on $int_if proto tcp from any port 1863 to any
Then reload the PF rules:
# pfctl -f /etc/pf.conf
If we want Squid to be started automatically at boot then add this to /etc/rc.conf:
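# Start Squid at boot, but only if the package binary exists and is executable,
# so a missing or removed package does not produce an error during startup.
# NOTE(review): on OpenBSD, locally added daemons are conventionally started
# from /etc/rc.local -- confirm which file applies to your release.
if [ -x /usr/local/sbin/squid ]; then
	# Plain ASCII quotes are required here; the typographic quotes in the
	# published listing are not shell quoting and would be printed literally.
	echo -n ' squid'; /usr/local/sbin/squid
fi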

The final step before starting Squid is to create the cache folders:
# squid -z

And now launch with:

# squid

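Users running through this gateway should now be unable to use MSN Messenger while retaining access to Microsoft Web sites and Windows Update. This setup filters only what the rules above match — TCP port 1863 and HTTP requests that pass through Squid — so test with a client behind the gateway to confirm the block behaves as expected.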
