lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: hellnbak at nmrc.org (hellNbak)
Subject: Anonymous surfing my ass!

On Sun, 14 Jul 2002, Berend-Jan Wever wrote:

Combine an incompetant programmer with a wanna-be incompetant researcher
and what do you get?  A stupid advisory.

First of all, you "hacked your way out of" Anonymizer.  Does this mean
that you paid for their service, then managed to surf without being
anonymous?  Or, you managed to get their pay service for free?

Either way doesn't point at a vulnerability that would expose ones
privacy.  Now if you were telling us that you are able to expose the
originating IP address of web requests coming from these services that
would be something.

>
> Anonymous surfing websites are written by incompetend programmers keen on your money and not your privacy; I tested a few of them and found them wanting:
> - Anonymizer.com (I have hacked my way out of Anonymizer 4 times before and they still lack proper filtering!)
> - The-cloak.com
> - Megaproy.com
> These were all the sites I found with google and could get acces to without registering, if you know some more, I'd be happy to hack my way out of their filters.
> I'd like to mention that all filter faults were found within minutes, just to show (off) how easy this was.
>
> Vendor status: hereby informed of the issue.
>
> Berend-Jan Wever aka SkyLined
> http://spoor12.edup.tudelft.nl
>
> PS. I'm going on a holiday, so I won't respond to any replies for about a week. Though luck!
>

-- 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

"I don't intend to offend, I offend with my intent"

hellNbak@...c.org
http://www.nmrc.org/~hellnbak

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ