lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue Jun 27 10:29:28 2006 From: prb at lava.net (Peter Besenbruch) Subject: UnAnonymizer Cardoso wrote: > If the app uses an unknow DNS server, I think it's enough of a risk to > worry about. I refer folks to the following page on TOR: "Using privoxy is necessary because browsers leak your DNS requests when they use a SOCKS proxy directly, which is bad for your anonymity." http://tor.eff.org/docs/tor-doc-unix.html.en That means, your DNS server becomes the DNS server used by the TOR exit node. I have no idea how many DNS servers operate with poisoned caches, and the like. If I wanted to do some financial transaction, I think Cardoso is suggesting a direct connection, instead. In earlier discussions, people argued that an SSL connection offered some protection, or warning about pharming attacks. > On Tue, 27 Jun 2006 08:49:13 +0000 (GMT) > Brate Sanders <brate_sanders@...oo.co.uk> wrote: > > BS> BS> Is there a security issue hidden somewhere in there or is it just a bug report sent to the wrong mailing list address? :-) -- Hawaiian Astronomical Society: http://www.hawastsoc.org HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Powered by blists - more mailing lists