Full Disclosure mailing list archives
Re: Nokia phone forcing traffic through proxy
From: Kim Henriksen <kh () ipimp at>
Date: Wed, 12 Dec 2012 18:39:04 +0100
Opera has done this for quite some time now. They translate and compresses the website into their own language called OBML: http://dev.opera.com/articles/view/opera-binary-markup-language/ On Fri, Dec 7, 2012 at 9:01 PM, Philip Whitehouse <philip () whiuk com> wrote:
On 7 Dec 2012, at 19:03, Jeffrey Walton <noloader () gmail com> wrote:On Fri, Dec 7, 2012 at 11:55 AM, Gaurang Pandya <gaubrig () yahoo com>wrote:It has been noticed that internet browsing traffic, instead of directly hitting requested server, is being redirected to proxy servers. They get redirected to Nokia/Ovi proxy servers if Nokia browser is used, and toOperaproxy servers if Opera Mini browser is used. More detailed info at : http://gaurangkp.wordpress.com/2012/12/05/nokia-proxy/It sounds a lot like http://click-fraud-fun.blogspot.com/. We know proxies can cause a lot of trouble in practice. For example,http://blog.cryptographyengineering.com/2012/03/how-do-interception-proxies-fail.html .Proxies and data snatching are the reason to pin certificates when using VPN and SSL/TLS if a pre-existing relationship exists (for example, you know the host and its public key). Are you talking to an Nokia/Ovi proxy, an Interception proxy (perhaps enabled by Trustwave), or the host expected during a SSL/TLS negotiation? We now have a much better body of knowledge. Its too bad most browser don't offer the features for those who are security conscious. On Android, Google went so far as to offer pinning as "opt-in" for sites:http://groups.google.com/group/android-security-discuss/browse_thread/thread/f5898be7ee9abc48 .JeffBlackBerry does this, Amazon Kindle Fire almost certainly does it, for caching purposes. I'm not sure whether that's why the Nokia phone is doing it though - you need a good infrastructure to support it. Regards, Philip Whitehouse _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
-- Mvh. Kim Henriksen
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Nokia phone forcing traffic through proxy Gaurang Pandya (Dec 07)
- Re: Nokia phone forcing traffic through proxy Jeffrey Walton (Dec 07)
- Re: Nokia phone forcing traffic through proxy Philip Whitehouse (Dec 08)
- Re: Nokia phone forcing traffic through proxy Kim Henriksen (Dec 13)
- Re: Nokia phone forcing traffic through proxy Philip Whitehouse (Dec 08)
- Re: Nokia phone forcing traffic through proxy Jeffrey Walton (Dec 07)