Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email email@example.com
Re: [Full-disclosure] UnAnonymizer
From: Peter Besenbruch (prblava.net)
Date: Tue Jun 27 2006 - 13:44:17 CDT
Michael Holstein wrote:
>> The 'trick' is to obtain this information regardless of proxy settings
>> and in the case of SOCKS4, be able to identify your real DNS servers.
>> This is accomplished using a custom DNS service along with a Java
>> applet that abuses the DatagramSocket/GetByName APIs to bypass any
>> configured proxy. The source code of the applet is online as well:
>> - http://metasploit.com/research/misc/decloak/HelloWorld.java
> Smart TOR users are using Firefox + NoScript + Flashblock to begin with
> even dumber still to allow Java Applets) when you're trying to be
As I normally do. Let's also mention that settings in Adblock and
entries in the hosts file could mess up the experiment. For those not
familiar with the Noscript extension, it can be set to block Flash as
well. Flash itself can also be configured for tighter privacy, though if
I were serious about anonymity, I wouldn't trust it.
> Using a WRT54g+Linux+Tor (or running the TOR router on a seperate
> machine) prevents this entirely since *all* traffic is routed into TOR
> and anything that's not falls into the bitbucket.
Here is a person that wants a SLOOOOW connection. ;)
> Those that wish to be anonymous .. always will be :)
Let's not forget that those wanting anonymity make mistakes like the
rest of us. That's the kind of thing that Moore is trying to capitalize
on. Some simply don't like the tracking associated with having a fixed
IP, therefore the stakes behind a revealed IP are fairly low. The stakes
go up when someone engages in bad behavior, or when his/her Web browsing
habits arouse government interest.
Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/