PC Support - Online Remote Help PChelper.com

August 30, 2007

Naomi 3.0 is an advanced internet filtering program

Filed under: Security Focus, Technology — paragonhost @ 3:36 am

NAOMI 3.0 (en)
family-safe internet

© 2004-2006 Radiant Morning

uses madCodeHook © 1999-2005 Mathias Rauen

Table of contents
Introduction
Installing and uninstalling
User interface
Usage precautions
Final notes
License

Introduction
Naomi 3.0 is an advanced internet filtering program, easy to use and totally free, intended for families and parents in particular.

Naomi 3.0 is able to constantly monitor all internet connections, protecting children from inappropriate online material (such as obscene or violent content; pornography and eroticism in the form of images or texts; sites that popularize drugs; gambling games; terrorism; hate propaganda; occultism; sects; blasphemy, etc.)

The filter does not rely on a mere list of banned sites; instead, it examines all data that are transmitted or received from the internet using applications like web browsers, chat programs, newsreaders, file sharing tools, and more.

The filtering technology employed in Naomi 3.0 features:

Heuristic analysis capable of recognizing new sites automatically.
Semantic analysis of web page contents and analysis of their addresses and links.
Recognizes the major languages.
Recognizes ICRA labelling system.
Monitoring is not limited to web sites, but covers the whole local internet traffic.
Works with any software application, and does not alter their settings.
Password-protected (the password is chosen by the user during the installation).
User interface is extremely easy to use.
Does not require configuration.
Can be used on slow connections (it does not perform any download in background and does not need to contact sites, proxies, databases, etc.)

Installing and uninstalling
Installation of Naomi 3.0 only requires a few seconds. You just need to launch its installation (setup) file. Then, you will be prompted to choose a password, to prevent unauthorized access to the program. This password is essential for accessing the program’s interface, and also for deactivating or uninstalling it. You are advised to choose a password that is difficult to guess (e.g. you can use letters and numbers) and to remember it or keep it in a safe place.

The program is now ready and it immediately starts its monitoring activity. Whenever a potential access to inappropriate sites or material is detected, the application in use is terminated. If, for example, a pornographic website is accessed (on purpose or not), the web browser is immediately closed, both to prevent further exploration and to prevent the user from seeing any partially downloaded material (e.g. photos, banners, etc.)

User interface
To access the user interface, you just need to click twice (left mouse button) on the flower-shaped icon near the Windows clock:

You will be asked to enter the password that you have chosen during the installation.

Once you have entered the exact password, you’ll see the user interface. The following buttons are available:

Hide: hides the interface again and keeps monitoring the internet connections.
Stop: temporarily stops filtering; the button’s name changes to “Start”. Pressing it again restarts filtering.
Uninstall: stops filtering and permanently uninstalls the filter.
Help: shows this manual.
Web site: to visit the official web site from where you can download updates and new versions (you must be connected to the internet to use it).

Usage precautions
In some cases, it is possible that the filter detects “false positives”, that is, it could result in blocking of legitimate sites. This may happen in the following cases:

Search engines: many porn sites use common keywords so they can get listed in the results of different searches and entice users to visit them.
Spamming (unsolicited advertising) received via chat programs like ICQ or mIRC, and on forums, newsgroups, etc. (often they are obscene messages inviting the user to visit a certain site or to join a chat room for adults).
Advertisement of inappropriate material (for example, porn banners) on “regular” web sites.
If you find that a kids-safe site is erroneously blocked, or that an inappropriate site is not filtered, or if the program does not work for you, please contact me. Your report shall be taken into account for the next versions and updates of the filter.

Final notes
Using a software filter allows parents to exert less vigilance on internet surfing, but no program can be considered a substitute for the parent’s action of education and control. Don’t forget that, unless internet access is limited to a few selected sites, it is not possible to block 100% of inappropriate contents: programs, in fact, do not “understand”; they just make choices based on criteria that can prove to be more or less valid according to the different cases.

I dedicate this program to a dear friend’s baby girl; her name, naturally, is Naomi :-)

http://www.naomifilter.org

March 4, 2007

MORE FREQUENT AND MORE DAMAGING ATTACKS ON DNS

Filed under: Network 101, Security Focus — paragonhost @ 6:00 pm

For Immediate Release

Press Contact:
Michael Azzano
Cosmo PR
415/596-1978
michael@cosmo-pr.com

DNS EXPERT CALLS FOR PREPAREDNESS IN FACE OF POTENTIALLY MORE FREQUENT AND MORE DAMAGING ATTACKS ON DNS

DNSstuff.com unveils one of the first public root server time maps to track performance and minimize business risk; Recent survey data reveals that 70% of all DNS servers have one or more improperly configured settings

Newburyport, MA – February 8, 2007 – DNSstuff.com, a global leader in DNS issues and tools with one of the largest communities of IT professionals on the Web, today issued a warning and called for greater preparedness as a result of the recent attack targeting root servers. This attack is the latest in a series of distributed denial-of-service attacks targeting DNS servers that began late last year. DNSstuff.com today also introduced a new root server time map tool designed to help IT professionals track the performance of and possible attacks on these servers.

“It is likely that this latest apparent probing effort was testing the resiliency of DNS,” explained Paul D. Parisi, CTO of DNSstuff.com. “This could be a harbinger of more targeted attacks against .com parent servers or even individual enterprise servers, neither of which may have the resiliency or redundancy of the systems attacked earlier this week. Either of these scenarios could have catastrophic consequences for the Internet-at-large or specific organizations.”

New Tool to Spot Attacks

The new DNSstuff.com root server time map allows IT professionals to monitor the state of root and .com servers supporting DNS. Now anyone can check real-time performance of these servers to spot long latency times or unusual behavior in response times. The root server time map can be found at http://www.dnsstuff.com/info/roottimes.htm.

Even without an increase in targeted or malicious attacks on DNS servers, many of those same servers remain vulnerable or are performing poorly because of simple human error. There are over 85 million domains on the Web, and a survey by DNSstuff.com of its users revealed that there are significant, fixable configuration issues with DNS settings for nearly 70% of those active domains. These incorrect settings can lead to site outages or improperly routed email, and a targeted attack exploiting these settings could lead to even more widespread network and Internet outages.

Simple Prevention Settings

“We are a robust web application and the Web’s acknowledged leader in helping IT professionals better manage their networks and DNS through expert advice, best practices and relevant resources,” continued Parisi. “Unfortunately, many people are relying on improperly configured DNS and are unintentionally leaving themselves, and therefore the web, vulnerable to attack.”

There are some simple steps that can be taken to improve DNS security at an enterprise level. These include maintaining a minimum of two physically and geographically separate servers to help thwart a denial-of-service attack, and proper configuration of your Primary and Secondary name servers to utilize the natural resiliency of DNS. More tips and information for DNS configuration can be found at DNSstuff.com or by signing up for the company’s monthly IQ Mail by emailing DNSIQ@dnsstuff.com.

About DNSstuff.com

DNSstuff.com is the Web’s premier destination for DNS professionals, offering free online tools to monitor and maintain one of the most vital, yet vulnerable, lynchpins in the infrastructure supporting the Web – the Domain Name System. DNSstuff.com is a web application providing expertise and all the tools necessary to ensure that your DNS operates smoothly, efficiently and safely. It is one of the largest and most trusted communities of IT professionals on the Web, and can be found at www.dnsstuff.com.

###

February 26, 2007

RSA Attack Efficiency Improves

Filed under: Security Focus — paragonhost @ 2:33 pm

August 2006 saw the disclosure of a fairly interesting attack against the RSA encryption algorithm (most famously used in SSL to protect online transactions). It didn’t target the actual algorithm, which still has not been broken; it is a so-called side channel attack, targeting the peculiarities associated with implementing the algorithm on various computing hardware.

The team behind the initial disclosure have recently submitted a modified approach to the attack, resulting in almost-astronomical improvements in attack efficiency.

In basic terms, the attacks rely upon a phenomenon known as ‘Branch Prediction Analysis’, where a program / attacker is able to predict what other software is doing as it passes through the CPU of a system.

In the first iteration of the described attack, the method required snooping on what was happening with the CPU for a relatively long period (or number of cycles), and certain software that implemented SSL protection (OpenSSL) quickly introduced patches to protect against this listening attack.

While many hardware manufacturers and Operating System developers have introduced defensive mechanisms to try and prevent this sort of attack taking place, it has been discovered that Pentium-IV (PIV) chips with Hyper-Threading enabled still have two caches that are not adequately protected. The new iteration of the attack, using a technique dubbed ‘Simple Branch Prediction Analysis’ (SBPA) targets both of these caches and can extract almost the complete secret SSL key in just one cycle. Running as an unprivileged user, this method can also target and extract data from any other software processes running on the system (SSL is an example in this case).

The technical black magic of how a branch predictor attack works can be explained as follows. Although modern CPUs are very quick, they still can’t process absolutely every bit of information that they need to without a queue building up. This queue of instructions / data waiting for processing sits in a cache next to the CPU and they are executed in order of priority / time spent in the queue (various tuning settings come into play). By attempting to monopolise the CPU’s attention, and filling the cache, the minuscule timing differences between when instructions from the same process are executed can give hints about what other instructions and data are moving through the CPU. Being able to interpret exactly what this data is, is key to branch prediction.
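An added example, not code from the article, the researchers or OpenSSL: the kind of key-dependent branch that branch prediction analysis observes in textbook square-and-multiply exponentiation, beside a Montgomery ladder with no branch on the key (one common branch-free form, not a claim about what OpenSSL's patches did). The toy key (modulus 3233, exponents 17 and 2753), the 16-bit width and all function names are assumptions for illustration, and the `taken` array models branch outcomes rather than measuring them.

```c
#include <stdint.h>
#include <stdio.h>
#define BITS 16 /* toy exponent width (assumption); real RSA keys are far larger */
/* Valid while m < 2^32, so the product fits in 64 bits. */
static uint64_t mulmod(uint64_t a, uint64_t b, uint64_t m) { return (a * b) % m; }

/* Textbook square-and-multiply. The multiply sits behind a branch on a secret
   bit; taken[i] models the outcome a branch-predictor observer would learn. */
uint64_t modexp_branchy(uint64_t base, uint32_t d, uint64_t m, int taken[BITS]) {
    uint64_t r = 1 % m; base %= m;
    for (int i = BITS - 1; i >= 0; i--) {
        r = mulmod(r, r, m);
        taken[i] = (int)((d >> i) & 1);
        if (taken[i]) r = mulmod(r, base, m);   /* key-dependent branch */
    }
    return r;
}

/* The taken/not-taken pattern alone is the private exponent. */
uint32_t exponent_from_trace(const int taken[BITS]) {
    uint32_t d = 0;
    for (int i = 0; i < BITS; i++) d |= (uint32_t)(taken[i] & 1) << i;
    return d;
}

/* Montgomery ladder with a masked swap: one multiply and one square for every
   bit, no branch on d. Inspect compiled output; a compiler may undo masking. */
uint64_t modexp_ladder(uint64_t base, uint32_t d, uint64_t m, int taken[BITS]) {
    uint64_t r0 = 1 % m, r1 = base % m;
    for (int i = BITS - 1; i >= 0; i--) {
        uint64_t mask = (uint64_t)0 - (uint64_t)((d >> i) & 1); /* all ones if bit set */
        uint64_t t = (r0 ^ r1) & mask;
        r0 ^= t; r1 ^= t;                /* conditional swap */
        r1 = mulmod(r0, r1, m);
        r0 = mulmod(r0, r0, m);
        t = (r0 ^ r1) & mask;
        r0 ^= t; r1 ^= t;                /* swap back */
        taken[i] = 0;                    /* no secret-dependent branch to observe */
    }
    return r0;
}

int main(void) {
    int tr[BITS];
    uint64_t c = modexp_branchy(65, 17, 3233, tr);   /* constructed toy key */
    uint64_t p = modexp_branchy(c, 2753, 3233, tr);
    printf("plain=%llu leaked d=%u\n", (unsigned long long)p, (unsigned)exponent_from_trace(tr));
}
```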

The issue is mitigated by the requirement that secure and insecure processes be running on the same processor at the same time, and that the attacker be able to run their process as a local user. Due to the spying process capturing almost 100% CPU continuously while it is running, normal system monitoring software should be alerting administrators to something out of the ordinary running on the system.

What real-world threat exists for this relatively esoteric attack? Shared-server installations. It would be possible for a lesser-privileged account holder on a shared server to run the spying process while other account holders are negotiating SSL connections. A well-timed attack will allow them to run their spying process once (and thus minimise the attention drawn to it), and then be able to effectively intercept SSL communications directed at the target.

About The Author

Carl Jongsma is the founder and lead researcher for Sûnnet Beskerming (http://www.beskerming.com), an Information Security company that services the world and still maintains the local touch.
