lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <44A0FA6A.1090306@lava.net>
Date: Tue Jun 27 10:29:28 2006
From: prb at lava.net (Peter Besenbruch)
Subject: UnAnonymizer

Cardoso wrote:
 > If the app uses an unknow DNS server, I think it's enough of a risk to
 > worry about.

I refer folks to the following page on TOR:

"Using privoxy is necessary because browsers leak your DNS requests when 
they use a SOCKS proxy directly, which is bad for your anonymity."
http://tor.eff.org/docs/tor-doc-unix.html.en

That means, your DNS server becomes the DNS server used by the TOR exit 
node. I have no idea how many DNS servers operate with poisoned caches, 
and the like. If I wanted to do some financial transaction, I think 
Cardoso is suggesting a direct connection, instead. In earlier 
discussions, people argued that an SSL connection offered some 
protection, or warning about pharming attacks.

 > On Tue, 27 Jun 2006 08:49:13 +0000 (GMT)
 > Brate Sanders <brate_sanders@...oo.co.uk> wrote:
 >
 > BS> BS> Is there a security issue hidden somewhere in there or is it 
just a bug report sent to the wrong mailing list address? :-)
-- 
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ