Users login

Create an account »

JOIN XATRIX

Users login

Home » Hacking News » SafeWeb Vulnerability Fingerprinting Websites Using Traffic Analysis

SafeWeb Vulnerability Fingerprinting Websites Using Traffic Analysis

by Nikola Strahija on May 11th, 2002 SafeWeb's web anonymizing service is supposed to prevent outside observers, such as a government, from observing the web surfing of its users. It does this by encrypting the traffic between SafeWeb and the user. I have discovered that by analyzing the amount of data transferred to a user, it is possible to determine if a user is viewing a certain website using SafeWeb. This attack can be used by a government, such as the Chinese government, to monitor which of its citizens are using SafeWeb to view seditious websites.


SafeWeb
is partially funded by the CIA. SafeWeb's web anonymizing technology
has been recently licensed to PrivaSec.

===========
Details
===========
For details on the attack, please read my paper that's at:
http://guh.nu/projects/ta/safeweb/

===========
Code
===========
In my mind, you can't really have a good vulnerability announcement
without a matching exploit. (just to um, show that it works... >:)
Get my code from
http://guh.nu/projects/ta/safeweb/fingerprint.pl

===========
Greetz
===========
Shout out to ghost. word to your mom. Oh yes, and the m4dn3ss
lives on. How do you feel about that?

--
^Drew

http://guh.nu

--Begin PGP Fingerprint--
3C6C F712 0A52 BD33 C518 5798 9014 CA99 2DA0 5E78
--End PGP Fingerprint--



Newsletter signup

Signup to our monthly newsletter and stay in touch with IT news!

Free E-books

We've got ebooks! But they're not online. :( Please give us a few days to bring downloads back.

Contact

Have something to say or just wanna drop us a line? Please keep this in mind: to spam, we reply with spam.

Contact us »