[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] Tor's critique of Ultrasurf: A reply from the Ultrasurf developers

On 04/18/2012 02:07 PM, Kyle Williams wrote:
> So I guess nobody remembers or knows about my brief 15 minutes at Blackhat
> a few years back where I warned about much more than what is being
> disclosed here in regards to Ultrasurf or GIFC.
> Here's the Audit I did from years ago.
> http://www.janusvm.com/Ultrasurf_audit.zip
> Includes Video's of the audit sessions, IP's and hostnames they scan, pcap
> dump, and ZIP files or older version which contain the original
> malware/spyware (you've been warned).
> So here's the very, very short run down Since I'm pressed for time.  This
> is total spyware.  They record all your traffic, and use their "clients" to
> further scan the Internet or INTRANETs in some cases.  They scan banks,
> colleges, and even US Government systems like the Department of Energy
> while using the users to mask the origin or the scans/hacks.  Sneaky shit.
>  They completely blew me off when they got accused of this before, but
> anyone can watch or audit this crap themselves and see they are up to no
> good.  Almost all their old version have a Trojan or spyware or some kind.
> If I recall, the US State Department granted them a 1.5 Million USD for
> something or another.
> http://www.washingtonpost.com/wp-dyn/content/article/2010/05/11/AR2010051105154.html
> Bottom line and simply put, GIFC/Ultrasurf IS VERY BAD AND THE (STUPID) US

Hey Kyle,

I cited your work - I thought it was interesting but it didn't go far
enough. Specifically, I found that some of the traffic you saw is most
likely their decoy traffic - check out my paper, I bet you'd enjoy it.

All the best,

tor-talk mailing list