BugZone: Nothing's perfect...

This is a part of our Cambodia forums to chat about anything, whether it relates to Cambodia or not. This discussion forum is at the top of our site because it's usually the busiest part of the expat community chatter with random topics on just about everything, including expat life, Khmer politics, Cambodian blogs we have or have come across, or whatever else our members want to discuss. Whether you're an expatriate, tourist, Cambodian or random traveler just passing through South East Asia, you are welcome to talk about anything or start new topics yourselves.
User avatar
Advocatus Diaboli
Expatriate
Posts: 833
Joined: Mon May 04, 2015 9:42 pm
Karma: 0
Location: Timbuktu

Re: BugZone: Nothing's perfect...

Postby Advocatus Diaboli » Tue Jul 21, 2015 2:29 pm

Therapist wrote:bla bla bla bla bla
Thank you my dear Therapist, I always enjoy your elaborate, hypocritical comments made up out of thin air.
Btw- I didn't "bump heads" with Scoffer. The opposit is the case-I gave him Karma, and I didn't defend Flying Chicken.
User avatar
BOFH
Expatriate
Posts: 957
Joined: Wed Nov 19, 2014 10:27 am
Karma: 0

Re: BugZone: Nothing's perfect...

Postby BOFH » Tue Jul 21, 2015 2:58 pm

Advocatus Diaboli wrote:Yes, I just saw that - you are right of course. But why would an exit node redirect to localhost, and why is Vidalia coming up with this warning message ? Btw, as far as I can tell from the screenshots JavaScript and NoScript is disabled.
The exit node wouldn't redirect to localhost, if that was the case then the site wouldn't load. I'm not sure what that request is for actually, maybe some Tapatalk detection or something else that this forum does. Hard to say, I don't see the connection, but it's possibly executed with JavaScript.

One possibility is that the specific exit node is injecting JavaScript, CEO is after all HTTP only, possibly in an attempt to gather fingerprints for deanonymization. I don't have any good answer, but I do know that Tor is usually pretty effective with its BadExit flagging of malicious relays.

Oddly enough, NoScript is disabled by default in the Tor browser bundle. My recommendation would be to enable it and thus block JavaScript.

It is, however, very easy to make this forum create requests to stuff. The avatar field allows any URL to load as an image, so if someone sets their avatar to http://localhost:433/something_on_the_server.jpg" onclick="window.open(this.href);return false; then that would probably work and trigger ::1:443 requests wherever the avatar occurs.
User avatar
Advocatus Diaboli
Expatriate
Posts: 833
Joined: Mon May 04, 2015 9:42 pm
Karma: 0
Location: Timbuktu

Re: BugZone: Nothing's perfect...

Postby Advocatus Diaboli » Tue Jul 21, 2015 3:09 pm

BOFH wrote: One possibility is that the specific exit node is injecting JavaScript, CEO is after all HTTP only, possibly in an attempt to gather fingerprints for deanonymization.
????Try to follow you, but I'm not a technician. So who is trying to gather fingerprints.....the exit node or CEO ?
User avatar
Advocatus Diaboli
Expatriate
Posts: 833
Joined: Mon May 04, 2015 9:42 pm
Karma: 0
Location: Timbuktu

Re: BugZone: Nothing's perfect...

Postby Advocatus Diaboli » Tue Jul 21, 2015 3:16 pm

BOFH wrote:
I'm not sure what that request is for actually, maybe some Tapatalk detection or something else that this forum does.
I'm aware that one can install TOR on Android, BUT she's going through China. The normal Tor version doesn't work in China......you need a special version of TOR or some special add-ons for TOR(forgot the name). These add-ons wouldn't work on Android so I'm pretty sure that she's using a normal computer.
User avatar
BOFH
Expatriate
Posts: 957
Joined: Wed Nov 19, 2014 10:27 am
Karma: 0

Re: BugZone: Nothing's perfect...

Postby BOFH » Tue Jul 21, 2015 3:23 pm

Advocatus Diaboli wrote:????Try to follow you, but I'm not a technician. So who is trying to gather fingerprints.....the exit node or CEO ?
If that is the case, the exit node.
Advocatus Diaboli wrote:I'm aware that one can install TOR on Android, BUT she's going through China. The normal Tor version doesn't work in China......you need a special version of TOR or some special add-ons for TOR(forgot the name). These add-ons wouldn't work on Android so I'm pretty sure that she's using a normal computer.
Tor provides hidden bridges rather than visible entry nodes to bypass the Chinese firewall.

She is definitely using a Windows PC, but regardless of what she uses the forum has Tapatalk installed on the server side. It's not a strong guess, but it's a possibility that Tapatalk identifies itself via a local 443 listen which the server then polls to detect it. I don't know honestly, I've never used Tapatalk and am just spamming random guesses.
User avatar
Advocatus Diaboli
Expatriate
Posts: 833
Joined: Mon May 04, 2015 9:42 pm
Karma: 0
Location: Timbuktu

Re: BugZone: Nothing's perfect...

Postby Advocatus Diaboli » Tue Jul 21, 2015 3:44 pm

Securitywise that sounds a bit concerning to me.
User avatar
Kung-fu Hillbilly
Expatriate
Posts: 453
Joined: Sat May 17, 2014 11:26 am
Karma: 19
Australia

Re: BugZone: Nothing's perfect...

Postby Kung-fu Hillbilly » Wed Jul 29, 2015 9:34 am

Post Reply is failing to post often, the connect icon just sitting there spinning with no connection resulting in no post being made. happened before as well.
Sorry, my fucking karma just ran over your dogma.
User avatar
phuketrichard
Expatriate
Posts: 5412
Joined: Wed May 14, 2014 5:17 pm
Karma: 230
Location: the far side of the moon
Aruba

Re: BugZone: Nothing's perfect...

Postby phuketrichard » Wed Jul 29, 2015 10:30 am

Kung-fu Hillbilly wrote:Post Reply is failing to post often, the connect icon just sitting there spinning with no connection resulting in no post being made. happened before as well.
happens all the time to me wheel spins and spins
sometimes takes a few minutes till i can post a reply
sometimes just times out p an i give up

wonder how many dont post cause of the problem doing so...
In a nation run by swine, all pigs are upward-mobile and the rest of us are fucked until we can put our acts together: not necessarily to win, but mainly to keep from losing completely. HST
User avatar
Kung-fu Hillbilly
Expatriate
Posts: 453
Joined: Sat May 17, 2014 11:26 am
Karma: 19
Australia

Re: BugZone: Nothing's perfect...

Postby Kung-fu Hillbilly » Wed Jul 29, 2015 10:47 am

I stopped frequenting the site because of it for a period, which pleased many I'm sure.

It's been good for a week but now back.
Sorry, my fucking karma just ran over your dogma.
User avatar
UnluckyBurger
setuid(0);
Posts: 89
Joined: Tue Jul 21, 2015 1:01 pm
Karma: 0

Re: BugZone: Nothing's perfect...

Postby UnluckyBurger » Fri Jul 31, 2015 4:09 pm

It's being worked on.


  • Advertisement
Booking.com

  • Similar Topics
    Replies
    Views
    Last post

Return to “General Chatter”



Who is online

Users browsing this forum: No registered users and 152 guests