|
News for
041499
|
contributed by Seraphic Artifex
An article posted to alt.comp.virus last Sunday claims that most of the
Web Anonymiser programs that are currently available have serious
security flaws and may not really be protecting your privacy as claimed.
The post covers four of the most popular internet anonymising services
Anonymizer, Bell Labs, Naval Research Laboratory, and Aixs. The post claims that these
methods of protecting your privacy have two inherent flaws. One is using
JavaScript to pull IP addresses, the second is to redirect the browser to
another web page and thereby removing the anonymising features by
bypassing the proxy.
Security Holes in Web
Anonymizing Services - Original Post
HNN contacted Zero-Knowledge Systems, the only company _not_ mentioned in
the above advisory, and they had this to say...
Re: JavaScript Querying for IP
Tweaking JavaScript to pull IP addresses is no different than
creating a virus. Anything in the application layer requires much
more effort to scan for malicious content. Freedom scans all content,
ensuring that a user's IP address cannot leave the TCPIP
stack unanonymized, whether JavaScript requests it or not. However,
like a virus, people can always design around systems so the real
challenge for Zero-Knowledge is to catch these attempts and correct them.
Re: Turning Off the "Anonymizing" Feature
Redirecting a user to another web page and thus moving the browser into
a "non-anonymous" mode is not an issue with Freedom. Working at the
driver level, Freedom is application independent and therefore does not
rely on running your browser through an anonymizing proxy.
Zero-Knowledge
Systems
Wired magazine comes up with an article on the subject.
Wired
|
|
contributed by Simple Nomad
This commercial product has been out a while, but it is damn interesting.
Remember in Sneakers when Dan Ackroyd rigged up an audio lie detector?
Now you can have your very own with a handy point and click interface,
called Truster. No social engineer should be without it -- to make sure
no one lies about that snarfed password and to test their elite SE
skills. Comes in home and "professional" versions.
Trustech LTD.
|
|
contributed by Weld Pond
Script Kiddies are making it difficult for security experts to weed out
the real threats. By using easy to use off the shelf software script
kiddies are creating a noise cloud that makes it difficulty to see the
real attacks.
Australian
Financial Review
|
|
contributed by Code Kid
A recent article in Yahoo Life that labeled Washington State University
as the countries most wired school is being blamed for recent 'hack'
attacks.
Spokane
Review
|
|
contributed by Weld Pond
This is taken directly from the article ""The average "cyberpunk'' is a
white, middle-class male, aged 12 to 28, who lacks social skills and
comes from a dysfunctional family, says Marc Rogers, who is studying
hackers for his graduate thesis. "They usually have not the best social
skills. They tend to be the loners,'' the former Winnipeg police officer
says. "They feel a lot more comfortable behind a computer system than in
face-to-face interaction."" I don't think anything more needs to be
said.
The
National Post
|
|
contributed by Anonymous
Cracked!
Lots of international cracks reproted today. Some protesting NATO
actions, some protesting Kevorkian being sentanced and some not
protesting anything at all.
http://mexico.silverserver.co.at
http://pitesti-gw.mediacom.pcnet.ro
http://chiavari.omninet.it
http://rapallo.newnetworks.it
http://servizi.raffo.it
http://nazi.org
http://hitler.org
http://www.amerika.org
http://www.moral.org
http://www.genocide.org
|
|
|
