Re: [Full-disclosure] Different google interface when using some Tor exit nodes
Salut, On Thu, 2006-06-01 at 14:46 +0100, Naxxtor Security wrote: Whilst using the Tor network to search google, once in a while the google search results interface changes to the new look, as described here: http://arstechnica.com/news.ars/post/20060326-6460.html This is due to IP based defaults. Google looks different from different countries. Walk around in the world with your laptop and you'll see what I mean. This is not a Tor vulnerability. Tonnerre -- SyGroup GmbH Tonnerre Lombard Loesungen mit System Tel:+41 61 333 80 33Roeschenzerstrasse 9 Fax:+41 61 383 14 674153 Reinach Web:www.sygroup.ch [EMAIL PROTECTED] signature.asc Description: This is a digitally signed message part ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Different google interface when using some Tor exit nodes
I'm aware of that, however, is there any particular reason why the exit nodes that I've been observing load that version? Are they owned by Google developers working on the new interface? Or are they just normal users? Perhaps they are corporate users who have a deal with Google? There doesn't seem to be any link to the physical location of the nodes. It might not be a Tor vulnerability, but it could be a Google vulnerability. Tonnerre Lombard wrote: Salut, On Thu, 2006-06-01 at 14:46 +0100, Naxxtor Security wrote: Whilst using the Tor network to search google, once in a while the google search results interface changes to the new look, as described here: http://arstechnica.com/news.ars/post/20060326-6460.html This is due to IP based defaults. Google looks different from different countries. Walk around in the world with your laptop and you'll see what I mean. This is not a Tor vulnerability. Tonnerre ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Different google interface when using some Tor exit nodes
This is due to IP based defaults. Google looks different from different countries. Walk around in the world with your laptop and you'll see what I mean. Just do : http://www.google.com/ncr the /ncr stands for no country recognition. Then you get the default (english) interface. /mike. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Different google interface when using some Tor exit nodes
I'm aware of that, however, is there any particular reason why the exit nodes that I've been observing load that version? Are they owned by Google developers working on the new interface? Or are they just normal users? Perhaps they are corporate users who have a deal with Google? There doesn't seem to be any link to the physical location of the nodes. Yes, there is. Google tries to figure out what country you're in, and present the interface in that language. Look at where your TOR node is, first by going to something like : http://checkip.dyndns.org .. and then to : http://serifos.eecs.harvard.edu/cgi-bin/exit.pl?textonly=1 See what country your exit node is in. I'd bet the Google interface matches the country of the TOR node. /mike. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Re: [Full-disclosure] Different google interface when using some Tor exit nodes
Yes, that is strange. I don't think that it means tor is caching cookies in exit points, but it is likely that there is a way to bind that preference to your IP as opposed to the cookie like in the article. I tried this 1. started tor 2. checked the IP of my exit point 3. did a google search, saw no side bar 4. activated the cookie using the arstechnica method 5. did a google search, saw the side bar 6. deleted the cookie from the browser 7. did a google search, saw no side bar 8. verified that I was still coming out of the same exit point I personally would like to see some of the results you came up with. Also, I have never seen that interface when browsing with tor normally, what would you estimate as the ratio is of exit points with that behavior? - DEAN Naxxtor Security wrote: Whilst using the Tor network to search google, once in a while the google search results interface changes to the new look, as described here: http://arstechnica.com/news.ars/post/20060326-6460.html But the method used there uses cookies. This means one of two things: oThe decision to serve the new interface can be made using cookies or a your source IP. oTor exit nodes cache cookies. With the later being a huge hole in security. On investigation, none of the exit nodes used when the new interface was shown had valid reverse DNS. If people are interested I'll post the results to the list. ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ signature.asc Description: OpenPGP digital signature ___ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
