lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1061492754.3058.9.camel@jesus>
From: list at nutz.ch (Adrian Nutz)
Subject: JAP back doored

But this is not the full story....see
http://www.heise.de/newsticker/data/uma-20.08.03-000/ (in german).
In short: While the AN.ON-Projekt was forced to put in the
logging-function, other mixes are not affected. SPLINE
(http://www.spline.de/) for example refuses to implment the logging.
They are in the cascades Luebeck-Berlin-Dresden and New
York-Berlin-Dresden. I think that german judges won't have a way to
force a mix in New York to implment the logging, which gives a cascade
of two (possibly) unlogged mixes if you use the New York-Berlin-Dresden
cascade.

I believe, that if there where more mixes around and more traffic on
the, this would be the best way to give a lot of anonymity. 
There should be mixes in many different countries, if possible most of
them shouldn't have any kind of treaties that allow a fast reaction from
the police in this countries if some other country wants logs.
Having many mixes requires a lot of traffic to conceal the
individual...best way here would be if large firms proxied all their
employees through JAP...which would help the firms as well.


regards,
Adrian




On Thu, 2003-08-21 at 19:20, error wrote:
> This is a terrible day for privacy advocates that used the once (perhaps
> never true) "anonymous" Java Anonymous Proxy. According to a  story (
> http://theregister.co.uk/content/55/32450.html) by The Register 
> 
> (It was also posted to
> ("http://securityfocus.com/archive/1/334382/2003-08-18/2003-08-24/0)
> BugTraq)
> 
> JAP was back doored by court order. It was a forced upgrade (after a
> service interruption) to monitor "one site" that continues to be
> unnamed. How sad it is when a group have a motto of "Anonymity is not a
> crime." and then hand logs to the police without a word? Clearly if they
> are able to defend themselves on alt.2600
> (http://groups.google.com/groups?dq=&hl=en&lr=&ie=UTF-8&frame=right&th=f4ef43f695ca29e8&seekm=3f3d3740%241_1%40news.vic.com#link10), they aren't under a gag. Read it and weep.


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ