BugZone: Nothing's perfect...

This is where our community discusses almost anything! While we're mainly a Cambodia expat discussion forum and talk about expat life here, we debate about almost everything. Even if you're a tourist passing through Southeast Asia and want to connect with expatriates living and working in Cambodia, this is the first section of our site that you should check out. Our members start their own discussions or post links to other blogs and/or news articles they find interesting and want to chat about. So join in the fun and start new topics, or feel free to comment on anything our community members have already started! We also have some Khmer members here as well, but English is the main language used on CEO. You're welcome to have a look around, and if you decide you want to participate, you can become a part our international expat community by signing up for a free account.
Advocatus Diaboli
Expatriate
Posts: 833
Joined: Mon May 04, 2015 9:42 pm
Reputation: 0
Location: Timbuktu

Re: BugZone: Nothing's perfect...

Post by Advocatus Diaboli »

Therapist wrote:bla bla bla bla bla
Thank you my dear Therapist, I always enjoy your elaborate, hypocritical comments made up out of thin air.
Btw- I didn't "bump heads" with Scoffer. The opposit is the case-I gave him Karma, and I didn't defend Flying Chicken.
BOFH
Expatriate
Posts: 957
Joined: Wed Nov 19, 2014 10:27 am
Reputation: 3

Re: BugZone: Nothing's perfect...

Post by BOFH »

Advocatus Diaboli wrote:Yes, I just saw that - you are right of course. But why would an exit node redirect to localhost, and why is Vidalia coming up with this warning message ? Btw, as far as I can tell from the screenshots JavaScript and NoScript is disabled.
The exit node wouldn't redirect to localhost, if that was the case then the site wouldn't load. I'm not sure what that request is for actually, maybe some Tapatalk detection or something else that this forum does. Hard to say, I don't see the connection, but it's possibly executed with JavaScript.

One possibility is that the specific exit node is injecting JavaScript, CEO is after all HTTP only, possibly in an attempt to gather fingerprints for deanonymization. I don't have any good answer, but I do know that Tor is usually pretty effective with its BadExit flagging of malicious relays.

Oddly enough, NoScript is disabled by default in the Tor browser bundle. My recommendation would be to enable it and thus block JavaScript.

It is, however, very easy to make this forum create requests to stuff. The avatar field allows any URL to load as an image, so if someone sets their avatar to http://localhost:433/something_on_the_server.jpg then that would probably work and trigger ::1:443 requests wherever the avatar occurs.
Advocatus Diaboli
Expatriate
Posts: 833
Joined: Mon May 04, 2015 9:42 pm
Reputation: 0
Location: Timbuktu

Re: BugZone: Nothing's perfect...

Post by Advocatus Diaboli »

BOFH wrote: One possibility is that the specific exit node is injecting JavaScript, CEO is after all HTTP only, possibly in an attempt to gather fingerprints for deanonymization.
????Try to follow you, but I'm not a technician. So who is trying to gather fingerprints.....the exit node or CEO ?
Advocatus Diaboli
Expatriate
Posts: 833
Joined: Mon May 04, 2015 9:42 pm
Reputation: 0
Location: Timbuktu

Re: BugZone: Nothing's perfect...

Post by Advocatus Diaboli »

BOFH wrote:
I'm not sure what that request is for actually, maybe some Tapatalk detection or something else that this forum does.
I'm aware that one can install TOR on Android, BUT she's going through China. The normal Tor version doesn't work in China......you need a special version of TOR or some special add-ons for TOR(forgot the name). These add-ons wouldn't work on Android so I'm pretty sure that she's using a normal computer.
BOFH
Expatriate
Posts: 957
Joined: Wed Nov 19, 2014 10:27 am
Reputation: 3

Re: BugZone: Nothing's perfect...

Post by BOFH »

Advocatus Diaboli wrote:????Try to follow you, but I'm not a technician. So who is trying to gather fingerprints.....the exit node or CEO ?
If that is the case, the exit node.
Advocatus Diaboli wrote:I'm aware that one can install TOR on Android, BUT she's going through China. The normal Tor version doesn't work in China......you need a special version of TOR or some special add-ons for TOR(forgot the name). These add-ons wouldn't work on Android so I'm pretty sure that she's using a normal computer.
Tor provides hidden bridges rather than visible entry nodes to bypass the Chinese firewall.

She is definitely using a Windows PC, but regardless of what she uses the forum has Tapatalk installed on the server side. It's not a strong guess, but it's a possibility that Tapatalk identifies itself via a local 443 listen which the server then polls to detect it. I don't know honestly, I've never used Tapatalk and am just spamming random guesses.
Advocatus Diaboli
Expatriate
Posts: 833
Joined: Mon May 04, 2015 9:42 pm
Reputation: 0
Location: Timbuktu

Re: BugZone: Nothing's perfect...

Post by Advocatus Diaboli »

Securitywise that sounds a bit concerning to me.
User avatar
Kung-fu Hillbilly
Expatriate
Posts: 4152
Joined: Sat May 17, 2014 11:26 am
Reputation: 4963
Location: Behind you.
Australia

Re: BugZone: Nothing's perfect...

Post by Kung-fu Hillbilly »

Post Reply is failing to post often, the connect icon just sitting there spinning with no connection resulting in no post being made. happened before as well.
User avatar
phuketrichard
Expatriate
Posts: 16790
Joined: Wed May 14, 2014 5:17 pm
Reputation: 5733
Location: Atlantis
Aruba

Re: BugZone: Nothing's perfect...

Post by phuketrichard »

Kung-fu Hillbilly wrote:Post Reply is failing to post often, the connect icon just sitting there spinning with no connection resulting in no post being made. happened before as well.
happens all the time to me wheel spins and spins
sometimes takes a few minutes till i can post a reply
sometimes just times out p an i give up

wonder how many dont post cause of the problem doing so...
In a nation run by swine, all pigs are upward-mobile and the rest of us are fucked until we can put our acts together: not necessarily to win, but mainly to keep from losing completely. HST
User avatar
Kung-fu Hillbilly
Expatriate
Posts: 4152
Joined: Sat May 17, 2014 11:26 am
Reputation: 4963
Location: Behind you.
Australia

Re: BugZone: Nothing's perfect...

Post by Kung-fu Hillbilly »

I stopped frequenting the site because of it for a period, which pleased many I'm sure.

It's been good for a week but now back.
UnluckyBurger
setuid(0);
Posts: 89
Joined: Tue Jul 21, 2015 1:01 pm
Reputation: 0

Re: BugZone: Nothing's perfect...

Post by UnluckyBurger »

It's being worked on.
Post Reply Previous topicNext topic
  • Similar Topics
    Replies
    Views
    Last post

Who is online

Users browsing this forum: Ahrefs [Bot], Bobby66, Khmu Nation, Moe and 1259 guests