
aefstoggaflm
Open Source Fan
Premium Member
join:2002-03-04
Bethlehem, PA
Linksys E4200
ARRIS SB6141

3 recommendations

Best Hack Ever! No really

This news from Signal is, I think, my favourite hack of 2016:

»www.pcworld.com/article/ ··· hip.html

In summary, Signal and other private messaging systems and several VPN
providers have been blocked in Egypt by order of their government. So
Signal decided to find a way around the block that would be so painful
to block as to make it infeasible; thus, Domain Fronting!

What they did was:-
quote:
In an HTTPS request, the destination domain name appears in three
relevant places: in the DNS query, in the TLS Server Name Indication
(SNI) extension and in the HTTP Host header, the researchers said in
their paper. Ordinarily, the same domain name appears in all three
places. In a domain-fronted request, however, the DNS query and SNI
carry one name (the front domain), while the HTTP Host header, hidden
from the censor by HTTPS encryption, carries another (the covert,
forbidden destination).

Their research revealed that many cloud service providers and content
delivery networks allow HTTP host header redirection, including Google,
Amazon Cloudfront, Amazon S3, Azure, CloudFlare, Fastly and Akamai.
However, most of them only allow it for domains that belong to their
customers, so one must become a customer in order to use this technique.

Google, for example, allows redirection through the HTTP host header
from google.com to appspot.com. This domain is used by Google App
Engine, a service that allows users to create and host web applications
on Google's cloud platform.

This means that someone can create a simple reflector script, host it on
Google App Engine and then use the HTTP host header trick to hide its
location from censors. Someone monitoring user traffic will only see
HTTPS requests going to www.google.com, but those requests will reach
the reflector script on Google App Engine and will be forwarded to a
hidden destination.

With today's release, domain fronting is enabled for Signal users who
have a phone number with a country code from Egypt or the UAE, Open
Whisper Systems founder Moxie Marlinspike said Wednesday in a blog post.
When those users send a Signal message, it will look like a normal
HTTPS request to www.google.com. To block Signal messages, these
countries would also have to block all of google.com.
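
The name comparison described in the quoted passage, written from the monitoring side as an added example that is not part of the original post or the article. The record layout, field names (`dns`, `sni`, `host`) and sample lines are constructed, and `site()` is a simplifying assumption.

```python
import json

# Constructed sample records (not from the article): one JSON object per
# request as a TLS-inspecting proxy might log it. "host" is null where the
# sensor could not decrypt the request and so never saw the Host header.
SAMPLE_LOG = """\
{"dns": "www.google.com.", "sni": "www.google.com", "host": "www.google.com"}
{"dns": "www.google.com", "sni": "WWW.GOOGLE.COM", "host": "www.google.com:443"}
{"dns": "www.google.com", "sni": "www.google.com", "host": "mail.google.com"}
{"dns": "www.google.com", "sni": "www.google.com", "host": "constructed-example.appspot.com"}
{"dns": "www.google.com", "sni": "www.google.com", "host": null}
"""


def normalize(name):
    """Lower-case a host name, drop a :port suffix and a trailing root dot."""
    if not name:
        return None
    return name.strip().lower().split(":")[0].rstrip(".") or None


def site(name):
    """Assumption: the last two labels approximate the registrable domain.
    Production code should consult the Public Suffix List instead."""
    return ".".join(name.split(".")[-2:])


def classify(record):
    """Compare the outer names (DNS query, SNI) with the inner Host header."""
    dns, sni, host = (normalize(record.get(k)) for k in ("dns", "sni", "host"))
    outer = sni or dns
    if outer is None or host is None:
        return "incomplete"             # no Host header seen: nothing to compare
    if dns and sni and dns != sni:
        return "dns-sni-mismatch"       # the two outer names already disagree
    if host == outer:
        return "consistent"             # the ordinary case in the quote
    if site(host) == site(outer):
        return "same-site-mismatch"     # e.g. HTTP/2 connection reuse
    return "cross-site-mismatch"        # Host names a different site than SNI


def classify_log(text):
    """Classify every non-empty line of a JSON-lines log."""
    return [classify(json.loads(line)) for line in text.splitlines() if line.strip()]


if __name__ == "__main__":
    for verdict in classify_log(SAMPLE_LOG):
        print(verdict)
```

The last sample record is the censor's view from the quote: without decryption the Host header is never seen, so the request cannot be told apart from ordinary traffic to the front domain.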


Blackbird
Built for Speed
Premium Member
join:2005-01-14
Fort Wayne, IN

3 recommendations

More on the domain fronting technique can be found here: »Domain Fronting

Nanaki (banned)
aka novaflare. pull punches? Na
join:2002-01-24
Akron, OH

1 recommendation

Member

to aefstoggaflm
Pretty smart and damn slick.

Rogue Wolf
An Easy Draw of a Sad Few
join:2003-08-12
Troy, NY

1 recommendation

Member

to aefstoggaflm
"You can't stop the signal, Mal."