RE : Anonymous Proxy Web Surfing

["Nicolas Villatte" <Nicolas.Villatte () advalvas be>]

What you do not control must be considered as insecure.
Besides this, hotmail authentication is passed through SSL, bvut other
webmails are in clear HTTP.

Best regards,

Nicolas.

-----Message d'origine-----
De : Jason Jaszewski [mailto:jmjaszew () facstaff wisc edu] 
Envoyé : mercredi 18 décembre 2002 19:03
À : security-basics () securityfocus com
Objet : Anonymous Proxy Web Surfing

Say I want to surf the web using anonymous proxy servers around the web.
I
have encountered several Windows apps that will bounce traffic to
different
proxy servers around the Internet. I understand how this works, however,
I
am wondering about the security of it. Say a user wants to authenticate
with
web mail, such as hotmail. When he or she authenticates with hotmail,
that
traffic would also pass through the anonymous proxy servers. I assume
this
can/does lead to someone getting password and username information from
the
data that goes through the proxy server, in a way using a proxy server
to
collect this sort of information from consumers who don't know any
better,
but were informed by someone that this "anonymizes" Internet surfing.
Just
how good are these anonymous web surfing applications/services in this
respect? I am asking from the standpoint of using this to add another
level
of security to an otherwise tight system.

Thanks,
Jason

Attachment: smime.p7s
Description: