On Wed, Dec 18, 2002 at 12:03:29PM -0600, Jason Jaszewski wrote:
hi,
> Say I want to surf the web using anonymous proxy servers around the web. I
> have encountered several Windows apps that will bounce traffic to different
> proxy servers around the Internet. I understand how this works, however, I
> am wondering about the security of it. Say a user wants to authenticate with
> web mail, such as hotmail. When he or she authenticates with hotmail, that
> traffic would also pass through the anonymous proxy servers. I assume this
> can/does lead to someone getting password and username information from the
> data that goes through the proxy server, in a way using a proxy server to
> collect this sort of information from consumers who don't know any better,
> but were informed by someone that this "anonymizes" Internet surfing. Just
> how good are these anonymous web surfing applications/services in this
> respect? I am asking from the standpoint of using this to add another level
> of security to an otherwise tight system.
what u hv mentioned is indeed true. the passwords *can* be sniffed, but if the servers
provide a secure (https) transfer of atleast the password, then the user is saved. But
then there is this issue of the user-id. If the user id is transfered in clear text
then there is this problem of spam. I dunno if the user name is sent out in clear text
or not. But of what I v sniffed of yahoo's transmissionit looks that the user id is
not sent across.
May be some1 more knowledgable can clarify
hth
phani
