anonymizer.com doesn't use ssl on target website

[Ka <ka () khidr net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The member service of anonymizer.com may encrypt traffic between 
the client-browser and anonymizer.com-proxy using SSL, but whenever
you click on a SSL-link (say <a href="https://target.com";>) 
anonymizer translates that into a non-ssl link of the same address 
(say http://target.com).

This results in unencrypted, spoofable traffic between the anonymizer-
proxy and the target website. As the contact with an ssl-encrypted 
target-website does certainly contain sensitive information (why 
should it be SSL-encrypted otherwise?), it's probably not a good
idea to use the member services of anonymizer.com IMO - at least 
not on SSL-target-sites.

Vendor-support was contacted, but first ignored the impact of that
programming error

        "That's fine... our service keeps your connection secure."

and then did not answer to the second email within five days.

That might be an indication that anonymizer.com is not very
security-oriented in other aspects also. (?)


Greetingz
Ka
- -- 
Want hear Ancient Music In The Pines?
Must find remote. Must change channel.
http://www.khidr.net/users/ka/pgpkey.asc
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE+UoN872vu22ltWBERAjzvAJ9oTllhK6X2m6oX0v1Z7gUsleMk6wCeJpYd
JC9QQZ85HQ7q4aEmNG8moLY=
=Hy3t
-----END PGP SIGNATURE-----

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html