[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Yahoo Mail and Tor
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Yahoo Mail and Tor
- From: Lee <ler762@xxxxxxxxx>
- Date: Thu, 9 Jul 2009 13:36:24 -0400
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Thu, 09 Jul 2009 13:36:27 -0400
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :date:message-id:subject:from:to:content-type :content-transfer-encoding; bh=LSkY3wo99RN05/1g/xVg1Ko3SpKJGwa1TTqhsX2U560=; b=n1/ifNeec72rIThXYTZ3f+If+YXC546BrFoKOIlLWb1UaSFZsXXGjiWAumzYMOfX3Q Avjrzonpp+aOt/ujnitB30noZeAyKSEaKMgbWmhkdn6NBAD2MlVcbY+IEEHonxqAkFMo /gSGvogLaKFIt3l2juG8cEytqEzOAewA8SY7Y=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type:content-transfer-encoding; b=fYP7328CxZCxhZ7WLuDDTw+s1FzkWezZEaisRkBn9gbtaQLYitMGL2sWzDC4YqYjPb Zxl0XjcuSt2Ue4S5HDgwlhz4zuNQU70GLjH0ETjttLnONsUwDo7hUjWl7Vg1UtiLEtSk rglSRvWQekBRnH07ztD8UKm8gJyzzmxiE6Tjs=
- In-reply-to: <4A56169A.1030800@xxxxxxxxxxxxxx>
- References: <200907091525.n69FP5p7017306@xxxxxxxxxxxxx> <4A56169A.1030800@xxxxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On 7/9/09, Andrew Lewman <andrew@xxxxxxxxxxxxxx> wrote:
> On 07/09/2009 11:25 AM, Scott Bennett wrote:
>
>> enable-remote-toggle 0
>> enable-remote-http-toggle 0
>> enable-edit-actions 0
>> allow-cgi-request-crunching 0
>
> I'm trying to find the email thread, but until then, even with these
> set, it was demonstrated someone can manipulate your privoxy config by
> making your tor client pass strings from localhost.
Please post the link when you do find that thread. The only things I
could find were related to an insecure configuration of Privoxy - eg.
http://archives.seul.org/or/talk/Oct-2007/msg00295.html
http://osvdb.org/show/osvdb/48694
http://osvdb.org/show/osvdb/25875
Thanks,
Lee