Open Source and information security mailing list archives
 
From: mail at blazde.co.uk (Roland Postle)
Subject: Anonymous surfing my ass!

> Combine an incompetent programmer with a wanna-be incompetent researcher
> and what do you get?  A stupid advisory.
>
> First of all, you "hacked your way out of" Anonymizer.  Does this mean
> that you paid for their service, then managed to surf without being
> anonymous?  Or, you managed to get their pay service for free?

I think if you at least clicked the advisory link (
http://spoor12.edup.tudelft.nl/SkyLined%20v4.2/?Advisories/Anonymous
surfing, NOT! ) it would help relieve some of your ignorance. What he's
referring to is getting a script (usually javascript) through the filters
and executing on the 'anonymous' person's machine. If a site can do that
they can save cookies to the machine, thereby breaking the anonymity.

It's not really cross site scripting, though the techniques used to get it
through are similar. Right now 'cross site scripting' seems to be the buzz
word attached to any security breach involving scripts. Something we have to
live with I guess. Anyway, whatever it's called SkyLined seems to be the
l33test at it ;)

- Blazde

