[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] UnAnonymizer

Subject: Re: [Full-disclosure] UnAnonymizer
From: Peter Besenbruch <prb@xxxxxxxx>
Date: Mon, 26 Jun 2006 23:29:14 -1000

Cardoso wrote:
> If the app uses an unknow DNS server, I think it's enough of a risk to
> worry about.

I refer folks to the following page on TOR:

"Using privoxy is necessary because browsers leak your DNS requests whenthey use a SOCKS proxy directly, which is bad for your anonymity."

http://tor.eff.org/docs/tor-doc-unix.html.en

That means, your DNS server becomes the DNS server used by the TOR exitnode. I have no idea how many DNS servers operate with poisoned caches,and the like. If I wanted to do some financial transaction, I thinkCardoso is suggesting a direct connection, instead. In earlierdiscussions, people argued that an SSL connection offered someprotection, or warning about pharming attacks.


> On Tue, 27 Jun 2006 08:49:13 +0000 (GMT)
> Brate Sanders <brate_sanders@xxxxxxxxxxx> wrote:
>

> BS> BS> Is there a security issue hidden somewhere in there or is itjust a bug report sent to the wrong mailing list address? :-)

--
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- Re: [Full-disclosure] UnAnonymizer
  - From: Peter Besenbruch
- Re: [Full-disclosure] UnAnonymizer
  - From: Brate Sanders
- Re: [Full-disclosure] UnAnonymizer
  - From: Cardoso

Prev by Date: [Full-disclosure] Re: Is Windows TCP/IP source routing PoC code available?
Next by Date: [Full-disclosure] error_log() Safe Mode Bypass PHP 5.1.4 and 4.4.2
Previous by thread: Re: [Full-disclosure] UnAnonymizer
Next by thread: Re: [Full-disclosure] UnAnonymizer
Index(es):
- Date
- Thread