Archive for the Anonymity Category
Does anybody know what this XeroBank guy is talking about?
SPP can't obviously stand for Site Pecurity Policy. It wouldn't make sense (spelling and grammar aside) because SSP is not meant and not going to replace NoScript anytime soon. The SSP we know does not allow "users to protect against" anything, it just allows compliant web sites to protect their own users (which is great, anyway).
So, any hint about this SPP supposed NoScript killer?
As I can easily tell by looking at flashgot.net and noscript.net Apache logs, every day the blogosphere gets flooded by copycat articles about "Top 5 Firefox Extensions" or "Best 10 Add-ons".
Thanks to Dave Drager for the useful reminder.
26 09 2007Giorgio in IE, Anonymity, Flash, Java, Security, NoScript
It's really time to sleep in my timezone, but I just couldn't resist when I read latest RSnake's post about Deanonymizing Tor and Detecting Proxies.
The basic concept, not terribly new by the way, is that browser proxy settings cannot be enforced on browser plugins, which happily ignore them in some circumstances, e.g. when establishing a direct TCP socket connection.
ActionScript object is used to bypass browser's proxy setting and connect to a tiny server written in Perl, listening on port 9999 and echoing client's IP.
Here's the ActionScript code:
And here's the Perl server:
Today's lesson is: if you want to stay anonymous, you'd better turn off Java, Flash and any other plugin!
I've just learned that some months ago a guy called yawnmoth demonstrated an Unmasking Java Applet. Just like my Flash-based one, this works also in browsers, like IE, not supporting LiveConnect.
Bad Behavior has blocked 3500 access attempts in the last 7 days.