
Upside-Down-Ternet (2006) - Tomte
http://www.ex-parrot.com/~pete/upside-down-ternet.html
======
lxe
Can't do this with HTTPS everywhere nowadays :) At least not without
certificate validation errors.

~~~
jancsika
Each bit could be flipped, but that's not going to put interesting pixels in
the browser.

Seems like there are still plenty of latency-based attacks to turn things
"upside down." For example, websites could load lightning fast but streaming
could be a drip, drip, drip.

Or perhaps everything _except_ pornhub stream lightning fast. :)

------
gerdesj
I came across this about 13 years ago. Just noticed (2006) so that fits. I
happen to have quite a lot of IT at home. A quick (lol) emerge of squid in a
VM, a fiddle with the DNS server to create wpad.example.co.uk and a copy n
paste of a wpad.dat from a customer site etc and my wife's browser went a bit
odd.

The following April 1st, I did it to my entire company. The PHB can also be a
BOFH!

------
dang
A small thread from 2008 ("Dude, that's like 2 years old"):
[https://news.ycombinator.com/item?id=337638](https://news.ycombinator.com/item?id=337638)

Also
[https://news.ycombinator.com/item?id=116728](https://news.ycombinator.com/item?id=116728)

~~~
saagarjha
Glad to see that the community hasn’t changed in all these years ;)

~~~
dang
Oh, I'd say there's much more tolerance now for historical material. 10+
years' worth of dates in titles has conditioned the culture.

------
aequitas
We had a LAN party a long while ago where they used a similar proxy. But
instead of turning all images upside down they displayed all images not going
via https on the main beamer screen. It was a valuable lesson in how secure
your bare http connections where. Until the trolls woke up and we learned
about all the kinds of porn that existed.

~~~
nelgaard
Ah, yes. Probably driftnet And you will not need trolls for that.

As the debian description says:

== ...Driftnet is a program which listens to network traffic and picks out
images from TCP streams it observes. It is interesting to run it on a host
which sees a lot of web traffic. . (Obviously, this is an invasion of privacy
of a fairly blatant sort. Also, if you are possessed of Victorian
sensibilities, and share an unswitched network with others who are not, you
should probably not use it.) ==

------
geddy
Through all of my bookmark purges and reorganizations throughout the years,
this url has always remained a part of them. The first one, in fact, as it's
lasted the longest!

Had a field day with this back in college.

------
Hitton
I remember Upside-Down-Ternet module from when I was playing with MITMf -
framework for MitM attacks. Now I know where the idea originated from.

------
athenot
I had done this in a small office; it was definitely a fun prank to pull on
folks. Of course with TLS everywhere, this is no longer possible.

~~~
kayson
Just need a root CA cert installed on the machines. Plenty of companies do
this already

------
jwineinger
I remember having fun with my roommates in college with this.

------
Nashooo
I first came across this via the alt text of this particular XKCD.
[https://xkcd.com/341/](https://xkcd.com/341/)

------
MithrilTuxedo
Did anyone else notice the bit at the end?

I laughed.

------
katharine7
excited! I usually ban them without kidding. Not a humorous person lol

