Re: Yahoo Mail and Tor

[Scott Bennett <bennett@xxxxxxxxxx>]

     On Wed, 15 Jul 2009 00:50:23 -0400 : Andrew Lewman <andrew@xxxxxxxxxxxxxx>
wrote:
>On 07/09/2009 01:36 PM, Lee wrote:
>
>>>> enable-remote-toggle  0
>>>> enable-remote-http-toggle  0
>>>> enable-edit-actions 0
>>>> allow-cgi-request-crunching 0
>>> I'm trying to find the email thread, but until then, even with these
>>> set, it was demonstrated someone can manipulate your privoxy config by
>>> making your tor client pass strings from localhost.
>
>The best thread I can find on this topic is
>http://archives.seul.org/or/talk/Nov-2007/msg00323.html
>
>My memory of the details recalls that even with everything set to 0,
>there was something that could enable the admin interface by referrer
>spoofing, and then you've lost.

     Then you're remembering it from somewhere else because neither that
thread nor the first of the two it refers to say anything about it.  (The
second reference is apparently no longer available at the link given.)
>
>However, I can't find the details so, perhaps it's time to check out the
>current versions of privoxy and re-evaluate.  I'd love to stop shipping
>a powerpc-only privoxy with the osx bundles, at a minimum.
>
     privoxy 3.0.12, IIRC, comes with better files for filtering out junk
and other problems than the long obsolete 3.0.6 did.


                                  Scott Bennett, Comm. ASMELG, CFIAG
**********************************************************************
* Internet:       bennett at cs.niu.edu                              *
*--------------------------------------------------------------------*
* "A well regulated and disciplined militia, is at all times a good  *
* objection to the introduction of that bane of all free governments *
* -- a standing army."                                               *
*    -- Gov. John Hancock, New York Journal, 28 January 1790         *
**********************************************************************