Date: Tue Jun 27 17:01:51 2006
From: michael.holstein at csuohio.edu (Michael Holstein)
Subject: UnAnonymizer

> The 'trick' is to obtain this information regardless of proxy settings
> and in the case of SOCKS4, be able to identify your real DNS servers.
> This is accomplished using a custom DNS service along with a Java applet
> that abuses the DatagramSocket/GetByName APIs to bypass any configured
> proxy. The source code of the applet is online as well:
> - http://metasploit.com/research/misc/decloak/HelloWorld.java

Smart TOR users are using Firefox + NoScript + Flashblock to begin with ..
and you'd really have to be stupid/trusting to allow Javascript (and even
dumber still to allow Java Applets) when you're trying to be anonymous.

> There are a handful of other ways to obtain a user's real IP address - you
> can embed a link to a SMB service over a UNC path, start up another
> application via file attachments (PDF, with embedded JS, etc), or abuse
> any other network-aware app that is launched by the browser.

Using a WRT54g+Linux+Tor (or running the TOR router on a separate machine)
prevents this entirely since *all* traffic is routed into TOR and anything
that's not falls into the bitbucket.

Those that wish to be anonymous .. always will be :)

/mike.