novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| reply to Daniel
Re: Anonymnity: Introduction To The Tor Network
They say its a series of routers but what it realy is is a bunch of proxies. Saying its distributed simply means its the same as all distributed computing. Many of these proxies will be running on peoples computers. Many of these people will be on slow connections and or computers loaded down with spyware and various other nasties. Again its the same deal it says encrypted well thats great. But heres the problem soem one will create a custom tor server and will then be able to do exactly what ive been saying about proxies for the last 4 or 5 years. And that is capture your log in information etc. Do not use this thing as a meathod for adding security to your computer and connection in the end you will be very insecure. Ive seen proxies used to steel personal information useing a non expireing cached page that had been modified. It was not long ago that i created a POC page to test and see if it did infact work. With out any special codeing and very little coding of my own i was able to make a simple web page that looked just like a legit login page. This page when information was filled in logged you in (a test hotmail account) but at tthe same time it emailed me the log in information for the account. The page was a copy paste job nothing more. A identify theif needs to know very little in the way of createing a website to pull this off. They need 3 thing
1 target bank paypal etc login page
2 to find a contact us page that uses email
3 a proxy server with cacheing capabilies
To set it up they make the cache in the proxy non expireing copy paste the html from the contact us page in to the log in page and drop the login page to cache of the proxy.
and oh yeh 4 a person to forget to not use a proxy when going to the site(s) they targeted or some one foolish enough to think the proxy makes them more secure.
This is not something that was just done by me as a POC but realy did happen and i was involved in trying to find out how it was doen. It took me a little more than 5 or 6 hours to find out how it was done and recreate and prove it was possible. My web dev knowlage is very out of date. The last web site i hand coded was in late 96 early 97.
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channelopen source dns server for *nix and windows »powerdns.com |
|
novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH
| Now there are very legitimate and good uses for proxies.
Say your a exchange student from a asian country (take your pic for my example it dont matter) (i bet we have a few exchange students on these boards ither from asia or in asia).
As a echange student you need to go to your schools site daily. But your connection is very slow to it 3 secound ping times .5kb and its very painful to go there. Well connection to asia are very slow when your last hop is on the eastern or western coast of the us but when tyhey go out the gulf they are much quicker say 250 ms and 60 to 80KB. So what you want to do is find a proxy in texas or the gulf area. This will help to make sure your connection goes out through the gulf. For exchange students in the asian countries needing to access sites here you could use the same proxy as the exchange student in the us entering the us from the gulf.
--
DSLR security chat at us.ausirc.net chanel #dslr_sec lets pack this channelopen source dns server for *nix and windows »powerdns.com |
|
