Comments on: Finding a “hidden” IP address just got easier

By: Random Reader

Random Reader — Sun, 10 Jan 2010 12:36:26 +0000

1.) Step-by-step instrunctions for securing your browser:
http://www.cert.org/tech_tips/securing_browser/

1st Line of Defense, along w/ Firewall
(If you have a broadband connection, make sure you are behind a NAT Router , w/ the default password changed to a secure one

A secure password should be at _least_ eight characters and include a mix of upper and lower case letters as well as numbers and special characters.

2.) Why are the spam posts above still there?

By: Paid Proxy

Paid Proxy — Mon, 11 May 2009 22:48:41 +0000

Crazy how many people still use and others profit with web proxies.

By: Proxy - Unblock Websites

Proxy - Unblock Websites — Sun, 19 Apr 2009 18:09:59 +0000

Just wanna add something here. Need a fast and clean proxy? Try proxy.my

Unblock friendster, facebook, myspace and even youtube!

By: martin

martin — Sun, 28 Dec 2008 09:34:00 +0000

@Anonymous: You are completely correct; a properly configured Tor setup with a “safe” browser is completely safe; but about 99% of all users are “vulnerable” in some way.

Even though everybody who knows a bit about security knows not to use unencrypted mail connections, the attack I linked to managed to capture account information for employees of several embassy’s; people who are supposed to be very security-conscious.

By: Anonymous Tor User

Anonymous Tor User — Sun, 28 Dec 2008 05:28:10 +0000

Actually, there’s only one application that needs to be configured properly: the browser.

1.) DNS queries are caught by Privoxy (an http proxy) by default in Firefox, and if you’re pointing Firefox at Tor (a SOCKS proxy) directly, you have to flip an about:config boolean to get it to use the proxy for DNS.
2.) Java applets depend on Javascript to launch. Javascript is client-side code and as such a sane Tor browsing configuration needs to not allow it. You can use the NoScript plugin to selectively block certain sites, if you need javascript in some places. NoScript is default deny, so scripts from the Decloak engine will still fail.
3.) The Java applet can’t send the packet if it doesn’t load, and it needs javascript to load. This is just #2 part 2. I don’t see how it’s a different application that needs to be configured — this still depends on the Java runtime’s proxy settings even if it loads.
4.) Even if this loads, it sees that I’m on 192.168.0.101. I’m sure that’s devastating to my anonymity, but it won’t matter, because the applet won’t load.
5.) Ooh, foiled again by the javascript. Flash won’t load.
6.) This assumes the browser automatically opens Word files. And that the user has Word installed.
7.) This assumes the browser has a quicktime plugin installed.
8.) This assumes the browser recognized itunes URL’s.

As you can see, every one of the stages can be circumvented via a secure browser configuration. That’s ONE program that you need to configure, not five. And if you absolutely can’t live without javascript and flash, that’s what the TransPort feature is for.

And really, linking to the email sniffing? That’s so noobish. Yes, if you’re an idiot and send plaintext through a proxy, it can be sniffed. Most of the time that plaintext is just HTML and it won’t matter that it’s plaintext; It isn’t like you request webpages by signing your real name.

This is a very poor piece of FUD.

By: Hidden IP Addresses Not Hidden Anymore

Hidden IP Addresses Not Hidden Anymore — Fri, 26 Dec 2008 16:10:50 +0000

[...] and the Net has published a superb write-up of the newly updated Metasploit decloaking engine, utilized to determine the [...]