lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <4E5346B1.1000204@infosecurity.ch>
Date: Tue, 23 Aug 2011 08:20:33 +0200
From: "Fabio Pietrosanti (naif)" <lists@...osecurity.ch>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Tor2web 2.0 is live! - NiX is doing copyright
 infrigment

On 8/23/11 2:02 AM, nix@...roxylists.com wrote:
>>>
>>> Im involved in anonymity and privacy research and development. I've
>>> recently released NiX Web Proxy Script:
>>>
>>> A fully working online demo: http://myproxylists.com/nix_web_proxy/

> 
> I understand your point but it's always harder to find bugs when you have
> no source code.
> 
> It's obfuscated because NiX don't have a name yet. If it will become a
> brand, I'll have no issues to release the source code.

Man, it appear to me you are:
- stealing the glype.com php proxy source-code
- modifying it
- making your own release obfuscated with sourceguardian
- not even saying that's Glype based

Independently from the code that you obfuscated, let's look at stuff
that the same between Glype and NiX php web proxy:

* Common text and html formatting between Glype and NiX
* Same application name/parameters between Glype and NiX
* Same filename
* Similar file Size


@ Common text of web pages of Glype (www.glype.com) and your NiX:

Glype: (Example Glype installation: http://fiberprox.net/)

"Enjoy unrestricted and uncensored browsing with our service."
"Browsing through us both keeps you anonymous from the sites you visit
and allows you to bypass any network restrictions from your government,
workplace or college."

NIX: (Example Nix Installation: https://myproxylists.com/nix_web_proxy/)

"Enjoy unrestricted and uncensored safe browsing with our service."
"Browsing through us both keeps you anonymous from the sites you visit
and allows you to bypass any network restrictions from your government,
workplace or school. "


@ Common application name (browse.php) and application parameter (u=) of
Glype:

Glype:
http://fiberprox.net/browse.php?u=http://www.google.fi

NiX:
https://myproxylists.com/nix_web_proxy/browse.php?u=http://www.google.fi/

@ Same filename

browse.php : Glype = NiX
parser.php : Glype = NiX
upload/ :  Glype = NiX are both distributed in upload/ directory

@ Similar file Size

It seems that also the application browse.php are of very similar size:
du -s glype-1.1/upload/browse.php NIX/upload/PHP52x/browse.php
128     glype-1.1/upload/browse.php
120     NIX/upload/PHP52x/browse.php

Without even attempting to make reverse engineering it seems clear to
everyone what are you doing...

Nice try.

-naif

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ