Hacking parental control

[Pawelk198604]

Recently I read an interesting article about parental control programs, one woman lamented that her son can deactivate all control programs that she tried.

I wondered what this woman has a problem, it should rather be proud of that kid has that ability, he may in the future be a hacker and you will earn a lot of cash

[Dkmdlb]

It's mostly a case of knowing the password. Which he probably does.

[Pawelk198604]

It's mostly a case of knowing the password. Which he probably does.

Unfortunately, most people use easy to guess passwords, usually with only a few characters that even a child can guess

[Specialist290]

General rule of thumb for security systems: A chain is only as strong as its weakest link. For computer security in particular, that "weakest link" is often the users themselves.

[Camacha]

Most parents have only a portion of the knowledge their kids have. Defending yourself against someone with superior knowledge or abilities is generally a tough job. You will either need a very robust system or a very capable operator, but, as any high school IT department will tell you, kids always find a way to foul up normal operations.

Edited July 14, 2015 by Camacha

[comham]

Even now, when the people who grew up with windows PCs are having children, kids can figure it out much faster. My parents grew up without even VCR's, so I cant blame them for being outsmarted (I once locked them out of the news channels on the cable box). Partly because kids have more to lose, partly because (assumption warning) anyone who tries to use parental controls is A) probably not very technically smart anyway and has the wrong outlook on parenting. Also that software usually sucks balls, made by shovelware devs.

[LittleBlueGaming]

Unfortunately, most people use easy to guess passwords, usually with only a few characters that even a child can guess

My parents used a 6-letter word with the first letter capitalized for EVERYTHING for the longest time. It was a huge success to get them to start using Xxxxxx##

I use LastPass and KeePassX, most of my passwords are randomly generated 16-character things, only a few do I have memorized.

[Mr Shifty]

anyone who tries to use parental controls is A) probably not very technically smart anyway and has the wrong outlook on parenting.

Anyone who makes a categorical statement like this A) probably does not have kids and doesn't really know what they're talking about.

[linkxsc]

Well my parents "tried" parental controls for a while, until they figured out that my accout was the primary admin on the machine, and they were just parental controling themselves.

[ZedNova]

It's not that hard to bypass parental controls, whether it's a filter through a router, or software on a client. They are usually half-assed solutions that are so easy to disable or run around it's laughable.

It's especially easy if the person enforcing the parental controls has no idea how to configure them so it's harder to bypass.

Example:

The parental control software "NetNanny" can be disabled by removing it from the startup, and removing 2 files in the system32 folder which are unprotected.

Edited July 15, 2015 by ZedNova

[Fel]

It's not that hard to bypass parental controls, whether it's a filter through a router, or software on a client. They are usually half-assed solutions that are so easy to disable or run around it's laughable.

It's especially easy if the person enforcing the parental controls has no idea how to configure them so it's harder to bypass.

Example:

The parental control software "NetNanny" can be disabled by removing it from the startup, and removing 2 files in the system32 folder which are unprotected.

This, this 100x over. This 1000x over.

The younger generation does not know more about computers. This fabrication is completely untrue and often the reverse. The younger generation couldn't setup a LPT printer without the help of Google. They're all about "download a program to do it for me" rather than actually knowing ANYTHING about how computers work. And then, when they memorize a few simple command line tricks, they think it is a substitute for actual knowledge and experience.

No, if the younger generation had even a quarter of the intellect we associated with them then iOS, which is designed for a 2 year old's attention span, would have been a big flop due to the severe limitations it places on the software + hardware control; while Blackberry and Treo, which had more open designs with early linux-on-device proof of concepts, would be the kings. The younger generation would be programming in ASM instead of C#, the younger generation would be reading hex and doing hex based math rather than needing CAS to solve the most basic of Calculus equations.

The problem isn't trying to beat the "knowledge" of the younger generation. The problem is the simple fact that a basic linux boot disk can override any local security setup and with shim secure boot is meaningless unless you self-sign. The PROBLEM is that GOOGLE is the "knowledge" of the younger generation and can easily supply the plethora of work arounds.

My parents used a 6-letter word with the first letter capitalized for EVERYTHING for the longest time. It was a huge success to get them to start using Xxxxxx##

I use LastPass and KeePassX, most of my passwords are randomly generated 16-character things, only a few do I have memorized.

https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

That's only what they've admitted or caught, it is only going to get worse.

Memorizing a 16 digit alphanumeric password really isn't as hard as people act.

Edited July 15, 2015 by Fel

[steve_v]

The "younger generation" doesn't know more about computers, they are simply more familiar with the current technology... technology that is considerably more user-friendly and easy to master than it was only a few years ago.

That said, there are (usually "older) people that have had little exposure to modern gadgets - but give an '80s or even early '90s pc to an ithing whiz kid ad he'll be just as lost.

As for google, the thing that frustrates me is not that so much information is available to everyone, but that so much of it is utter BS... and people still believe it. I'll use the web, but a proper technical manual - or better yet some field experience - trumps a search engine every time.

I every time I hear "I can hack into wifi" (with someone else's code and some copy-paste from google) or "There's this awesome cloud thing we should be using" (which I know sod all about, but the web page looks cool).

Edited July 15, 2015 by steve_v

[YNM]

My parents used a 6-letter word with the first letter capitalized for EVERYTHING for the longest time. It was a huge success to get them to start using Xxxxxx##

I use LastPass and KeePassX, most of my passwords are randomly generated 16-character things, only a few do I have memorized.

https://blog.lastpass.com/2015/06/lastpass-security-notice.html/

That's only what they've admitted or caught, it is only going to get worse.

Memorizing a 16 digit alphanumeric password really isn't as hard as people act.

I can make (and already use) ~64 digit alphanumeric password without forgetting them ! Mostly some sentence.

[ko1Stein]

General rule of thumb for security systems: A chain is only as strong as its weakest link. For computer security in particular, that "weakest link" is often the users themselves.

Exactly. The problem exists between the keyboard and the chair.

Also, I don't think these parental control programms should be necessary with good parents + education. At least this applied to me and my siblings.

Also, I wanted to post xkcd here.

It's so easy to make good passwords! Why do so many people fail at it?

[Nuke]

when all else fails, find a shady uncle.

[magnemoe]

The "younger generation" doesn't know more about computers, they are simply more familiar with the current technology... technology that is considerably more user-friendly and easy to master than it was only a few years ago.

That said, there are (usually "older) people that have had little exposure to modern gadgets - but give an '80s or even early '90s pc to an ithing whiz kid ad he'll be just as lost.

As for google, the thing that frustrates me is not that so much information is available to everyone, but that so much of it is utter BS... and people still believe it. I'll use the web, but a proper technical manual - or better yet some field experience - trumps a search engine every time.

I every time I hear "I can hack into wifi" (with someone else's code and some copy-paste from google) or "There's this awesome cloud thing we should be using" (which I know sod all about, but the web page looks cool).

The even older generations tended to have problems with IT technology. That is the grandparrents to the kid hacking the parental control, not the parents. The parents grew up with it just as the kids.

And yes this is generalization.

The main problem is that the parents just set up the parental control and does not want to use time on it, the kid is willing to spend hours breaking it. Neither do they want to play system administrators.

Add that the systems are crap, mostly designed to stop small kids not teens, last the controls are pretty pointless. Google image search is the easiest way to find .....

Now controlling the network work better for stuff like keep kid from playing multiplayer games during night or downloading torrents.

Still many ways to get around, easiest is just the ask neighbor about their wifi password saying their modem is broke up to putting up an hidden base station on the network.

[steve_v]

IMHO the whole concept of censoring the 'net is a bust from the get-go, unless you can control all the clients.

It's trivially easy to bypass most filters and proxies if you have relatively unrestricted access to a networked machine. And 'home users' generally lack both the experience and the motivation required to find and secure all the ways out of a LAN.

Home networks are just not designed to keep people in, most home network appliances are barely adequate to keep strangers out.

The internet at large was never designed to filter anything, quite the opposite in fact - more "get the packets where they need to go, by whatever route is available".

More draconian network policing requires actual work, beyond "Install our shiny product and all will be well" as anything that actually works will also tend to hamper legit activities. Most people are simply not up for the hassle.

Securing the clients isn't really an option either, for much the same reasons - you've potentially got PCs, Macs, Android and iOS phones, maybe a smart TV and who knows what else.

Finding a way to lock all those devices down so a motivated kid can't get unfiltered 'net access is not a trivial task - especially if you want them to work properly too.

There's fun to be had though... like setting up a WEP encrypted AP, a big antenna and some creative content mangling on a transparent proxy... Then watching the watching the local skids "hack" into it and try to use the 'web

My take on network filters and UI lockdown programs tends to be: Ahh, whack-a-mole, I remember this game.

Edited July 15, 2015 by steve_v

[RainDreamer]

So instead of finding some time to talk to the kids and like, actually understand whether they are engaging in activities that is not good for them or not and spend the effort to convince them otherwise, these parents just take the easy way of getting an unfeeling, unthinking third party program to shut down access instead?

I am not a parent and so I speak with no authority, but doesn't it feel...wrong somehow?

[cantab]

Recently I read an interesting article about parental control programs, one woman lamented that her son can deactivate all control programs that she tried.

I wondered what this woman has a problem, it should rather be proud of that kid has that ability, he may in the future be a hacker and you will earn a lot of cash

Of course the problem is that right now the child has the knowledge and aptitude to bypass the filters, but not the maturity to understand the stuff they're viewing. That's why there are parental control programs in the first place.

As for the effectiveness of any filtering. If you have physical access you own the PC and can do what you like with the software on it, and that is how it should be. Consequently any "parental controls" on the computer itself are useless against a child with the inclination to bypass them.

Well implemented filtering on the network by contrast cannot be bypassed by a device on the network. However it's wide open to removing the device from the network altogether, and that's often pretty easy. Even if that's not an issue, unless you choose a highly-restrictive and often impractical "default block" policy there are going to be holes to get through the filtering. And then there's that important "well implemented" rider in the first place.

I'm not sure what, if anything, is the best solution. Possibly old fashioned supervision in the real-world, but that's less suitable when it comes to highly portable devices.

[Aghanim]

My take on network filters and UI lockdown programs tends to be: Ahh, whack-a-mole, I remember this game.

As a person that spends most of my time trying to beat filters and such because I believe in reasonably free internet, I agree with this.

This is how I beat network filtering:

The simplest way is to change your DNS from automatic to google DNS, as the lightest and simplest web filtering is to hijack DNS requests from your computer to a controlled DNS server, which because DNS is the way of computers to translate web addresses to IP addresses, means that it can be used for redirecting the requests from the original server to the controlled server, which can be used either for caching requests, or to display this website is blocked message. This is the simplest way to block stuff, with easy way to bypass too. To make it harder to bypass, sometime they either block alternate DNS server, like my school, or they redirect alternate DNS server, like my ISP, which in this way can be fixed by using dnscrypt, which encrypts the DNS traffic so no one can mess with it.

The stronger way filters works is to use deep packet inspection, which as the name suggests, it inspects all packets to see if they contain prohibited information or not. This is more stronger as the only way to circumvent this is to use some sort of proxy like web proxy or VPN, but this is more heavy, so this is used if the people/organization really don't want that information to be received, like enterprises and China.

Countermeasure to this is to use VPN and proxy, which encrypts the traffic so the DPI filter doesn't know it contains the banned information, and it goes to a server in a free internet zone where it gets decrypted and go back to its original server. This is called tunneling. HTTPS also works similarly.

Counter-countermeasure to this is to block VPN and proxy traffic

But the most powerful way to bypass all of that filters is to use other internet completely, like using 3G/LTE connection or piggybacking free wifi.

Countermeasure to this is to jam other radios, either by spamming trash radio signals or by impersonating other wifi and sending disconnect command to it. Needless to say that this requires some enterprise grade stuff.

Then there is MAC filtering that prevents unauthorized devices on the network, but home routers typically only implement this on the wifi side and not the ethernet side, and MAC spoofing defeats this entirely.

Remember that the internet interprets censorship as damage and routes around it, and information want to be free. I'm fine with they blocking facebook and steam in my school, or my ISP blocks pornographic websites, but I'm not fine with my ISP to block reddit and imgur.

tl;dr: good luck blocking internet traffic without some serious enterprise grade routers

Edited July 15, 2015 by Aghanim

[shynung]

I'm fine with they blocking facebook and steam in my school, or my ISP blocks pornographic websites, but I'm not fine with my ISP to block reddit and imgur.

Ah, I know this one. 'Internet Sehat', right? AFAIK their filtering system isn't hard to counter, though they have DNS hijackers now; basically they redirect any and all incoming DNS requests to their own server. Google DNS won't work on this one.

That said, attempting to block internet access is like trying to block gamma radiation; no matter how good the 'wall' is, something eventually gets through anyway.

Edited July 15, 2015 by shynung

[Aanker]

Anyone who makes a categorical statement like this A) probably does not have kids and doesn't really know what they're talking about.

Paradox detected!

[Pawelk198604]

Of course the problem is that right now the child has the knowledge and aptitude to bypass the filters, but not the maturity to understand the stuff they're viewing. That's why there are parental control programs in the first place.

As for the effectiveness of any filtering. If you have physical access you own the PC and can do what you like with the software on it, and that is how it should be. Consequently any "parental controls" on the computer itself are useless against a child with the inclination to bypass them.

Well implemented filtering on the network by contrast cannot be bypassed by a device on the network. However it's wide open to removing the device from the network altogether, and that's often pretty easy. Even if that's not an issue, unless you choose a highly-restrictive and often impractical "default block" policy there are going to be holes to get through the filtering. And then there's that important "well implemented" rider in the first place.

I'm not sure what, if anything, is the best solution. Possibly old fashioned supervision in the real-world, but that's less suitable when it comes to highly portable devices.

Well maybe parents should install such programs, at least this will encourage young kids to become a hacker, which is very lucrative

[radonek]

Anyone who makes a categorical statement like this A) probably does not have kids and doesn't really know what they're talking about.

…or C) does not mistake "parenting" for "indoctrinating prejudices".

Why even bother? About every new generation in human history is called lazy, stupid and immoral. It would be funny if it were not boring already.

[YNM]

I'm fine with they blocking facebook and steam in my school, or my ISP blocks pornographic websites, but I'm not fine with my ISP to block reddit and imgur.

Ah, I know this one. 'Internet Sehat', right? AFAIK their filtering system isn't hard to counter, though they have DNS hijackers now; basically they redirect any and all incoming DNS requests to their own server. Google DNS won't work on this one.

That said, attempting to block internet access is like trying to block gamma radiation; no matter how good the 'wall' is, something eventually gets through anyway.

Worse that this filter is EVERYwhere, any kind of provider you get. [local mode] My home wi-fi use FirstMedia anyway, so none of it for Imgur, which mean no problem with this forum [/local mode] . Yeah, I have and had used Tor, but Imgur, reddit, vimeo (yeah ! it sucks), or almost any other website won't work properly without any script...