[ISN] Glype proxy may not cloak your identity

From: InfoSec News <alerts_at_private>
Date: Tue, 4 May 2010 00:44:06 -0500 (CDT)

By Jeremy Kirk
30 April 10

A widely used proxy service thought to provide anonymous Web surfing and 
used to skirt network administrator bans on access to sites like 
Facebook frequently reveals sensitive information about its users, 
according to a Swiss security researcher.

Glype is a small bit of PHP code that routes requests for Web pages 
through other Web pages running its software, said the researcher, who 
runs the Swiss Security Blog and the Zeus Tracker project. He prefers to 
remain anonymous.

The Glype code allows someone to, for example, access Facebook at work 
even if that page is blocked, as it appears the traffic is coming from 
the Web page running the proxy. Many companies now block sites such as 

Glype's code is free, and anyone can install it on their Web page. But 
Glype is frequently misconfigured, the researcher said. It allow someone 
running a Glype proxy to turn on a log, which shows the IP (Internet 
protocol) address of the user, what site they requested and the time.


Best Selling Security Books and More!
Shop InfoSec News
Received on Mon May 03 2010 - 22:44:06 PDT

This archive was generated by hypermail 2.2.0 : Mon May 03 2010 - 22:48:46 PDT