A proxy server is a site that surfs for you. Let's say you want to browse the HuntSab.org web site for research projects but don't want to let them know you visited the site (all web hosts keep a record of your visit). Utilizing a proxy server you browse the site

Using a free proxy is very simple: only one browser setting needs to be adjusted.

Firefox

For Firefox users, go to (Tools > Options > General > Connection Settings), select "Manual Proxy Configuration", and enter an IP and Port from our list into the text boxes.

Internet Explorer

For Internet Explorer users, go to (Tools > Internet Options > Connections > LAN), select "use proxy server" and enter an IP and Port from our list.

Major Internet security flaw also affects e-mail

By JORDAN ROBERTSON, AP Technology Writer

Thu Aug 7, 6:46 AM ET

A newly discovered flaw in the Internet's core infrastructure not only permits hackers to force people to visit Web sites they didn't want to, it also allows them to intercept e-mail messages, the researcher who discovered the bug said Wednesday.

Considering the silent nature of the attack and the sensitive nature of a lot of electronic correspondence, the potential for damage from this second security flaw is high. But there's no evidence yet that this method of targeting e-mail has been used in a successful attack.

Dan Kaminsky of Seattle-based security consultant IOActive Inc. exposed a giant vulnerability in the Internet's design that, in one case, allowed hackers to reroute some computer users in Texas to a fake Google.com site loaded with automated advertisement-clicking programs, a scam to generate profits for the hackers from those clicks.

The flaw wasn't in the site itself; it was in the back-end machines responsible for guiding computers to that site.

The vulnerability Kaminsky found is especially insidious because it allows criminals to tamper with machines whose reliability and trustworthiness are critical for the Internet to function properly.

Kaminsky, who spoke Wednesday at the Black Hat hacker conference in Las Vegas, has given few details publicly about the vulnerability he found in the Domain Name System (DNS), a network of servers used to connect computers to Web sites.

He remained tightlipped so that Internet providers would have time to fix their machines. Many have done that, but others have delayed, leaving some people at risk.

Major vendors like Microsoft Corp., Cisco Systems Inc., Sun Microsystems Inc. and others have issued patches — software tweaks that cover the security hole and prevent affected machines from ingesting the bogus information hackers are trying to feed them.

"The industry has rallied like we've never seen the industry rally before," Kaminsky said.

Kaminsky's talk Wednesday at the conference was packed, with people sitting on the floor of the main speaker's hall and overflowing out the back doors. His presentation instantly became one of the Black Hat conference's most anticipated after he announced July 8 that he'd found a major weakness in DNS, a critical part of the Internet's plumbing.

While some details leaked out early — security researchers accurately guessed parts of Kaminsky's discovery — he was able to keep a few juicy bits secret until the talk.

One of those was the susceptibility of many e-mail servers to the DNS vulnerability, an opening that gives criminals a way to plant themselves in the middle of the transmission from the sender to the recipient and redirect messages to their own servers, Kaminsky said.

The result: criminals have a way not only to comb through the contents of those messages, but also to gain access to other password-protected Web sites the victims belong to.

That's because most sites have a feature that allows members to retrieve their passwords by e-mail if they've forgotten them. If a criminal has access to the account where that message is sent, he can then begin snooping on the contents of that account, from e-mail, to banking, to retailer sites.

The thrust of the DNS flaw is that it allows hackers to attach bad information to packets flowing in and out of DNS servers so they change the directions they give to certain Web sites.

It's the equivalent of turning around a street sign to send drivers down the wrong street.

So someone who innocently types in the address of a legitimate Web site can be strong-armed instead into going to a malicious site under the criminal's control. Because the attack happens at the network level, and the browser believes it's visiting the legitimate site, the attack is nearly impossible for users to detect.

Many e-mail servers are vulnerable because they also handle DNS traffic, Kaminsky said. Even if they only handle internal inquiries, if they interact with external DNS servers, that's often enough to expose them to attack.

Hackers are thus able to manipulate the packets associated with e-mail traffic the same way they manipulate the packets associated with general Web traffic.

Hackers target Google Gadgets

By JORDAN ROBERTSON, AP Technology Writer

Thu Aug 7, 12:07 AM ET

One of the biggest problems with the so-called Web 2.0 movement has been its encouragement of oversharing — which often means underestimating security risks. Adding doodads of varying quality to a home page can add a lot of pizazz, but can also be fraught with danger, since they can open a door for hackers.

It's a threat even for the biggest Web companies, including Google Inc., whose "gadgets" — little programs like calendars or daily photo feeds that users can implant onto their personalized Google home pages — are increasingly juicy targets for hackers, two security researchers said Wednesday.

It's not that Google is designing insecure programs.

The issue is that users building their own customized applications, and distributing them through Google, might have evil intentions and try to exploit those programs once they're installed on users' pages. Many users are inclined to inherently trust what they download from Google.

Robert Hansen, chief executive of security consultant SecTheory, and Tom Stracener, senior security analyst with security testing software maker Cenzic Inc., demonstrated an attack Wednesday at the Black Hat hacker conference in Las Vegas in which they used a malicious gadget to break into a person's Web browser and read their searches in real time.

Malicious gadgets — if a user were to download one of them — could be used in a variety of other attacks, including one where one gadget steals information from another, a valuable attack against gadgets that store personal user information, Hansen and Stracener said.

"How do you know it's a legitimate gadget?" Hansen asked. "Because someone uploaded it? There's no moderation, there's no way to guarantee it won't turn bad."

Google isn't alone.

The company is fighting a common problem facing social-networking Web sites and other sites that encourage users to spruce up their pages with little knickknacks that reach out to the outside world to deliver pictures or other content. The applications run code on the page that can be used for good or evil.

Google disputes Hansen's characterization of its vetting process for gadgets.

The company said in a statement that it scans all gadgets regularly for malicious code, and in the "very rare" instance in which one is found, it's immediately blacklisted.

Google added that since November 2007 no new "inline" gadgets — which have access to user account information — have been created. And the authors of existing "inline" gadgets can't modify them further.

The company defended its program and said gadgets are created by developers from around the world and "provide a convenient way for users to view information collected from around the Web in one place."