lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Tue, 22 Apr 2008 09:12:02 -0400 From: "T Biehn" <tbiehn@...il.com> To: "Full Disclosure" <Full-Disclosure@...ts.grok.org.uk> Subject: Active Web->Tor CGI proxies. Not my doing, but good news never the less. www.torproxy.net Now with 100% more hidden service url support! Time to lighthttpd+tor your servers for hosting delicious contents for wgetting fun. Kids: don't forget to encrypt those sweet unreleased, unreported, unknown, private, exploits. Time to put up black markets and spam the links about. Backends for your phishing pages, botnet control, 'js zombie' control. I bet you could even whip up a sweet google maps GIS (oh I know I have). Simple SQL botnet control anyone? Diffie Hellman in Javascript that delivers encapsulated HTTP to browsers please, could make an interesting BBS interface with real member to member encrypted and private chat (high latency granted.) You could even do some simple digital signature support to protect against rogue TOR nodes. I had envisioned a system that would enforce you after signup to connect through 3 distinct endpoints to collect the key and make sure it was consistent, and providing simple loader source that can be easily verified that loads the prompt to verify the signature. Login would be hash the source from 3 locations to make sure it's all the same, include all grabbed javascript. Then verify that the presented signature is valid. It's not perfect but better than nothing and obviously more anonymous than SSL. Too bad math in JS is massively slow. In the words of Andrew Weeblsoi: There's no point in hiding any more. IRL, Travis _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists