updated 3:00 a.m. 14.Apr.99.PDT

Anonymous Web Surfing? Uh-Uh
Page 2
2:25 p.m. 13.Apr.99.PDT

Anonymizer CEO Lance Cottrell said that the company is responding to Smith's alert. But he said that to exploit the vulnerability, a site would have to be actively seeking to do so.

"In any case, being bounced out of the Anonymizer would only show that the person had been there, but would not allow correlation with any postings," Cottrell said, adding that no anonymizer system can promise perfectly sealed identity.

"The systems we are working with are simply too flexible, and allow things to be done in too many ways, for security to be perfect. We try to anticipate all the loopholes we can, then act like lightning when an unforeseen hole is reported."

Attempts to reach representatives at the Aixs service were unsuccessful.

With the Lucent Personalized Web Assistant and Onion Routing service, Smith found a different type of problem. "With a simple JavaScript expression, I was able to query the IP address and host name of the browser computer."

Once JavaScript has this information, he said, it can easily be transmitted back to a Web server as part of a URL. He said that the same tests run with Internet Explorer 4.0 did not produce the same vulnerabilities.

Jeremey Barrett, an engineer for the Onion Routing System, said that the problem lies with the browsers, not with anonymizer services like his. Browsers, he said, will surrender a user's IP address to sites that request it with JavaScript or ActiveX code.

Browser manufacturers have released patches periodically as issues surrounding the acknowledged risks of executing JavaScript and ActiveX code have surfaced.

"The only way to prevent this, regardless of the anonymizing system used, is to filter out the JavaScript code using some form of proxy," said Barrett.

He also said that Onion Routing is not simply an anonymizer meant to keep an individual site from knowing who's visiting. "Rather, it's meant to prevent anyone else from knowing that you are talking to a particular Web server."

"For example, you might log into your bank's Web site over the Onion Routing system. You would very definitely want the bank to know who you were, but you might not want anyone to know you were talking to your bank."

For airtight Web browsing, any feature beyond basic HTML would have to be turned off in the browser; that's the nature of the approach taken by the Anonymizer as it strips out such code.

Smith would like to see any anonymizer service provide both the proxy and the standard anonymizing service that strips data from a user's browsing trail. Meanwhile, anonymizing services should warn their users and fix the bugs.

"Netscape should fix how it handles Java so that it doesn't leak people's IP address. This bug does not exist in IE4," Smith said. He reported the problem to Netscape last September, but said that the company still hasn't provided a fix.

Copyright © 1994-99 Wired Digital Inc. All rights reserved.
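
The proxy-side filtering Barrett describes, and the stripping approach attributed to the Anonymizer, sketched as an added Python example; it is not code from the article or from any of the services named. The list of dropped elements, the strip_active_content name and the sample page are assumptions made for illustration.

```python
from html import escape
from html.parser import HTMLParser

CONTAINERS = {"script", "style", "applet", "object"}  # assumed: dropped with content

class ActiveContentFilter(HTMLParser):
    def __init__(self):
        super().__init__()
        self.out, self.skip = [], 0   # skip > 0 while inside a dropped element

    def emit(self, tag, attrs):
        kept = [tag]
        for name, value in attrs:
            # Browsers ignore whitespace and control characters in a URL scheme.
            url = "".join(c for c in (value or "") if c > " ").lower()
            scripted = url.startswith(("javascript:", "vbscript:"))
            if not (name.startswith("on") or name == "style" or scripted):
                kept.append(name if value is None else f'{name}="{escape(value)}"')
        self.out.append("<" + " ".join(kept) + ">")

    def handle_starttag(self, tag, attrs):
        if tag in CONTAINERS:
            self.skip += 1
        elif tag != "embed" and not self.skip:   # <embed> has no end tag
            self.emit(tag, attrs)

    def handle_startendtag(self, tag, attrs):
        if tag not in CONTAINERS:                # <script/> opens nothing to skip
            self.handle_starttag(tag, attrs)

    def handle_endtag(self, tag):
        if tag in CONTAINERS:
            self.skip = max(0, self.skip - 1)
        elif not self.skip:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip:                        # parser decoded entities; re-encode
            self.out.append(escape(data, quote=False))

def strip_active_content(html):
    f = ActiveContentFilter()
    f.feed(html)
    f.close()                                    # flush any trailing text
    return "".join(f.out)

# Constructed sample page; report() stands in for whatever script a site sends.
SAMPLE = ('<body onload="report()"><p>Hi &amp; bye</p><script>report()</script>'
          '<a href=" JavaScript:report()">x</a><applet code="X"></applet><br/></body>')
```

The filter fails closed: an element from the dropped set that is never closed suppresses the rest of the page rather than letting its content through.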