lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue Jun 27 09:54:25 2006 From: cardosolistas at contraditorium.com (Cardoso) Subject: UnAnonymizer If the app uses an unknow DNS server, I think it's enough of a risk to worry about. On Tue, 27 Jun 2006 08:49:13 +0000 (GMT) Brate Sanders <brate_sanders@...oo.co.uk> wrote: BS> BS> Is there a security issue hidden somewhere in there or is it just a bug report sent to the wrong mailing list address? :-) BS> BS> BS> ----- Original Message ---- BS> From: Peter Besenbruch <prb@...a.net> BS> Cc: full-disclosure@...ts.grok.org.uk BS> Sent: Tuesday, 27 June, 2006 1:42:33 PM BS> Subject: Re: [Full-disclosure] UnAnonymizer BS> BS> H D Moore wrote: BS> > A fun browser toy that depends on Java for complete results: BS> > - http://metasploit.com/research/misc/decloak/ BS> BS> Fun indeed: BS> BS> Field Data Dependency BS> External Address: 24.199.198.152 None BS> Internal Host: unknown Java BS> Internal Address: unknown Java BS> DNS Server (API): unknown Java BS> DNS Server (HTTP): 24.199.198.158 None BS> External NAT: unknown Java BS> BS> The "External Address" listed belongs to a TOR server hosted on BS> RoadRunner. The DNS server is also part of that system. I'm assuming the BS> "Internal Host" should have been mine? The "Internal Address" mine, BS> also? The "DNS Server (API)" my ISP's? Something isn't working. BS> BS> Here's another page that tries something similar with Java: BS> http://gemal.dk/browserspy/ipjava.html BS> BS> I get similar results to the above. Yes, Java is installed (version 1.5). BS> BS> -- BS> Hawaiian Astronomical Society: http://www.hawastsoc.org BS> HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky BS> BS> _______________________________________________ BS> Full-Disclosure - We believe in it. BS> Charter: http://lists.grok.org.uk/full-disclosure-charter.html BS> Hosted and sponsored by Secunia - http://secunia.com/ BS> BS> BS> BS> BS> year(now) + 1 ser? o ano do linux! Cardoso <cardoso@...ox.com> - SkypeIn: (11) 3711-2466 / (41) 3941-5299 vida digital: http://www.contraditorium.com site pessoal e blog: http://www.carloscardoso.com
Powered by blists - more mailing lists