Open Source and information security mailing list archives
Date: Tue, 22 Apr 2008 09:12:02 -0400
From: "T Biehn" <tbiehn@...il.com>
To: "Full Disclosure" <Full-Disclosure@...ts.grok.org.uk>
Subject: Active Web->Tor CGI proxies.

Not my doing, but good news nevertheless.
www.torproxy.net
Now with 100% more hidden service url support!
Time to lighthttpd+tor your servers for hosting delicious contents for
wgetting fun. Kids: don't forget to encrypt those sweet unreleased,
unreported, unknown, private, exploits.
Time to put up black markets and spam the links about.
Backends for your phishing pages, botnet control, 'js zombie' control.
I bet you could even whip up a sweet google maps GIS (oh I know I
have). Simple SQL botnet control anyone?

Diffie Hellman in Javascript that delivers encapsulated HTTP to
browsers please, could make an interesting BBS interface with real
member to member encrypted and private chat (high latency granted.)
You could even do some simple digital signature support to protect
against rogue TOR nodes. I had envisioned a system that would enforce
you after signup to connect through 3 distinct endpoints to collect
the key and make sure it was consistent, and providing simple loader
source that can be easily verified that loads the prompt to verify the
signature. Login would be hash the source from 3 locations to make
sure it's all the same, include all grabbed javascript. Then verify
that the presented signature is valid. It's not perfect but better
than nothing and obviously more anonymous than SSL.
Too bad math in JS is massively slow.

In the words of Andrew Weeblsoi: There's no point in hiding any more.

IRL,

Travis

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
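
The multi-path check sketched in the message above (collect the key through three distinct endpoints at signup, then at login hash the loader source from three locations and verify its signature), as an added example that is not part of the original post. The function names, the path labels, the sample loader and the choice of Ed25519 via Node's `crypto` module are all assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');

const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest('hex');

// copies: [{ path, body }], where `path` labels the endpoint used (hypothetical labels).
// Returns the agreed body, or null if there are too few distinct paths or any copy differs.
function agreedCopy(copies, minPaths = 3) {
  const paths = new Set(copies.map((c) => c.path));
  if (paths.size < minPaths) return null;
  const digests = new Set(copies.map((c) => sha256(c.body)));
  return digests.size === 1 ? copies[0].body : null;
}

// Signup: pin the service key only if every path served the same key.
function pinKey(keyCopies) {
  const pem = agreedCopy(keyCopies);
  return pem === null ? null : nodeCrypto.createPublicKey(pem);
}

// Login: all copies of the loader must match, then the signature must verify
// under the key pinned at signup.
function verifyLoader(loaderCopies, signature, pinnedKey) {
  const source = agreedCopy(loaderCopies);
  if (source === null) return 'no-agreement';
  const ok = nodeCrypto.verify(null, Buffer.from(source), pinnedKey, signature);
  return ok ? 'ok' : 'bad-signature';
}

// Constructed demo data: a throwaway Ed25519 key stands in for the service key.
function demo() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  const pem = publicKey.export({ type: 'spki', format: 'pem' });
  const loader = 'function load(){ /* constructed loader source */ }';
  const sig = nodeCrypto.sign(null, Buffer.from(loader), privateKey);
  const via = (body) => ['path-a', 'path-b', 'path-c'].map((path) => ({ path, body }));
  const pinned = pinKey(via(pem));
  const oneModified = via(loader);
  oneModified[1] = { path: 'path-b', body: loader + ';tampered()' };
  return {
    clean: verifyLoader(via(loader), sig, pinned),                        // all paths agree
    oneRogue: verifyLoader(oneModified, sig, pinned),                     // one path altered
    allRogue: verifyLoader(via(loader + ';tampered()'), sig, pinned),     // same alteration on every path
    twoPaths: pinKey(via(pem).slice(0, 2)),                               // too few paths at signup
  };
}
```

The hash comparison catches a single altered path, and the signature check catches an alteration served identically on every path; neither helps if the key pinned at signup was already substituted on all three paths.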
