[Full-disclosure] Different google interface when using some Tor exit nodes
Naxxtor Security
naxxtor_security at mailshack.com
Thu Jun 1 14:46:12 BST 2006
Whilst using the Tor network to search google, once in a while the
google search results interface changes to the "new look", as described
here:
http://arstechnica.com/news.ars/post/20060326-6460.html
But the method used there uses cookies. This means one of two things:
o The decision to serve the "new" interface can be made using
cookies or a your source IP.
o Tor exit nodes cache cookies.
With the later being a huge hole in security.
On investigation, none of the exit nodes used when the new interface was
shown had valid reverse DNS. If people are interested I'll post the
results to the list.
Full-Disclosure is hosted and sponsored by Secunia.