Re: Deanonymizing SafeWeb Users

From: Alexander K. Yezhov (admin@leader.ru)
Date: 02/15/02


Date: Fri, 15 Feb 2002 21:04:35 +0300
From: "Alexander K. Yezhov" <admin@leader.ru>
To: bugtraq@securityfocus.com

Following upon the letter of Tuesday, February 12, 2002:

DM> Although SafeWeb's Web anonymizing service has been shut down
DM> since December, they claimed it was the "most widely used online
DM> privacy service in the world".

I don't know who is using the SafeWeb engine now, but before this
service was closed I've had a chance to make sure that it fails to
catch object manipulations. Tested with simple script:

myObj=new Object(window);
myObj.myMethod = open;
myObj.myMethod('http://tools-on.net');

Best regards, Alexander

-----------------------------------------------------------------------
         MCP+I, MCSE on Windows NT 4, MCSE on Windows 2000
  http://leader.ru http://tools-on.net (Security & Privacy on the Net)
-----------------------------------------------------------------------