Open Source and information security mailing list archives
 
From: mail at blazde.co.uk (Roland Postle)
Subject: Anonymous surfing my ass!

> Combine an incompetent programmer with a wanna-be incompetent researcher
> and what do you get?  A stupid advisory.
>
> First of all, you "hacked your way out of" Anonymizer.  Does this mean
> that you paid for their service, then managed to surf without being
> anonymous?  Or, you managed to get their pay service for free?

I think if you at least clicked the advisory link (
http://spoor12.edup.tudelft.nl/SkyLined%20v4.2/?Advisories/Anonymous
surfing, NOT! ) it would help relieve some of your ignorance. What he's
referring to is getting a script (usually javascript) through the filters
and executing on the 'anonymous' person's machine. If a site can do that
they can save cookies to the machine, thereby breaking the anonymity.

It's not really cross site scripting, though the techniques used to get it
through are similar. Right now 'cross site scripting' seems to be the buzz
word attached to any security breach involving scripts. Something we have to
live with I guess. Anyway, whatever it's called SkyLined seems to be the
l33test at it ;)

- Blazde
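
The failure described in the reply above is a filtering proxy letting active content reach the browser. The following is an added example, not part of the original post or the advisory: a parser-based audit that a proxy operator could run over already-filtered HTML to confirm nothing script-capable remains. The tag list, the allowed schemes, the function names and the sample page are assumptions made for the illustration.

```python
from html.parser import HTMLParser

# Assumptions for this example: what counts as active content.
ACTIVE_TAGS = {"script", "iframe", "object", "embed", "applet"}
URL_ATTRS = {"href", "src", "action", "background"}
SAFE_SCHEMES = {"http:", "https:", "mailto:"}

def scheme_of(url):
    """Return the URL scheme including ':' or '' for relative URLs."""
    # Normalise before comparing: drop whitespace/control chars, lowercase.
    compact = "".join(c for c in url if c > " ").lower()
    head = compact.split("/", 1)[0].split("?", 1)[0].split("#", 1)[0]
    return head[: head.index(":") + 1] if ":" in head else ""

class ActiveContentAudit(HTMLParser):
    """Records every construct in filtered HTML that can still run script."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag in ACTIVE_TAGS:
            self.findings.append(("tag", tag))
        for name, value in attrs:
            if name.startswith("on"):            # inline event handlers
                self.findings.append(("handler", f"{tag}.{name}"))
            elif name in URL_ATTRS:
                scheme = scheme_of(value or "")
                if scheme and scheme not in SAFE_SCHEMES:
                    self.findings.append(("scheme", f"{tag}.{name}"))

def audit(html):
    """Return findings; an empty list means no active content was seen."""
    parser = ActiveContentAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample: proxy output in which filtering was incomplete.
FILTERED_PAGE = (
    '<html><body onload="track()">'
    '<a href="https://example.org/">ok</a>'
    '<a href="javascript:track()">x</a>'
    '<img src="/logo.png">'
    '<script>document.cookie = "id=1"</script>'
    '</body></html>'
)

if __name__ == "__main__":
    for kind, where in audit(FILTERED_PAGE):
        print(kind, where)
```

Any non-empty result means the page can still run code in the user's browser, which is enough to set a cookie as the reply describes.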

