The Naked Scientists

The Naked Scientists Forum

Author Topic: Your web proxy has been bypassed :-o  (Read 9890 times)

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8132
  • Thanked: 53 times
    • View Profile
Re: Your web proxy has been bypassed :-o
« Reply #25 on: 29/01/2012 13:26:26 »
... you'd need to switch off javascript and CSS in your browser.

Thanks Nicephotog: disabling CSS prevented the data leak with the Anonymouse web-proxy (which gave away my IP) ...



« Last Edit: 29/01/2012 13:36:47 by RD »
 

Offline nicephotog

  • Sr. Member
  • ****
  • Posts: 387
  • Thanked: 7 times
  • H h H h H h H h H h
    • View Profile
    • Freeware Downloads
Re: Your web proxy has been bypassed :-o
« Reply #26 on: 29/01/2012 19:46:13 »
CDATA sections of XML also contain javascript re: markup comments
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8132
  • Thanked: 53 times
    • View Profile
Re: Your web proxy has been bypassed :-o
« Reply #27 on: 29/01/2012 20:19:30 »
I checked with and without javascript enabled, anonymity was achieved with both,
provided CCS was disabled when using anonymouse.org
 

Offline CliffordK

  • Neilep Level Member
  • ******
  • Posts: 6321
  • Thanked: 3 times
  • Site Moderator
    • View Profile
Re: Your web proxy has been bypassed :-o
« Reply #28 on: 29/01/2012 21:11:59 »
it only seems to work with Firefox which is a nuisance as I need IE9 for banking.

Good thing I don't use your bank, as I don't have IE Anything loaded on my computer   [xx(]
 

Offline RD

  • Neilep Level Member
  • ******
  • Posts: 8132
  • Thanked: 53 times
    • View Profile
Re: Your web proxy has been bypassed :-o
« Reply #29 on: 29/01/2012 23:03:37 »
NB: The exit node in a mix network like Tor can read unencrypted data ...

Quote
The Tor website includes a diagram showing that the last leg of traffic is not encrypted, and also warns users that "the guy running the exit node can read the bytes that come in and out of there." But Egerstad says that most users appear to have missed or ignored this information.

Unless they're surfing to a website protected with SSL encryption, or use encryption software like PGP, all of their e-mail content, instant messages, surfing and other web activity is potentially exposed to any eavesdropper who owns a Tor server. This amounts to a lot of eavesdroppers -- the software currently lists about 1,600 nodes in the Tor network.
  http://www.wired.com/politics/security/news/2007/09/embassy_hacks?currentPage=all


« Last Edit: 29/01/2012 23:21:11 by RD »
 

Offline nicephotog

  • Sr. Member
  • ****
  • Posts: 387
  • Thanked: 7 times
  • H h H h H h H h H h
    • View Profile
    • Freeware Downloads
Re: Your web proxy has been bypassed :-o
« Reply #30 on: 30/01/2012 08:55:09 »
...and following from this , CDATA sections of XML also contain javascript re: markup comments

After around 2005 "XHTML" was approved as the standard document type, it almost comes in two varieties of generic comapnies versions but is effectively W3C.ORG specified.

XHTML is HTML added to a new document model classified as XML , so its an XML document, the same can be done on your mobile phone because it uses WML script and WML. WML is a subset of HTML and later XHTML(XML document).

Of the comments , CSS can be embedded in the (X)HTML(can have file extension .html .xhtml .xhtm .htm .xml dependant the pragmas in the declaration and versioning) page or placed in a seperate file associated the page and act inside that part of the document model it is placed for scope(usually the HEAD tag note: is a "document version" of the "server response headers").
CSS itself in version 3 spec can have DHTML/Javascript(note: Javascript is not Java2) among the declarations.
Because of the new XML type of HTML document there were new rules made about how to declare Javascript and CSS and as much in old HTML the Javascript are all wrapped in standard HTML markup comments.
pure XML can also have javascript too, HTML is effectively "render" markup , XML is purely "data markup" though there is a minimal interfacing to XML documents can be done with CSS to render it.

Quote
"the guy running the exit node can read the bytes that come in and out of there."
Where your information goes into the server.... (obviously you have done nothing to it or the server "node" would not understand your garble.)
« Last Edit: 30/01/2012 09:01:57 by nicephotog »
 

The Naked Scientists Forum

Re: Your web proxy has been bypassed :-o
« Reply #30 on: 30/01/2012 08:55:09 »

 

SMF 2.0.10 | SMF © 2015, Simple Machines
SMFAds for Free Forums