Delivery-Date: Wed, 10 Jun 2015 01:04:24 -0400
Return-Path: <tor-talk-bounces@lists.torproject.org>
X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on moria.seul.org
X-Spam-Level: 
X-Spam-Status: No, score=-4.2 required=5.0 tests=BAYES_00,FREEMAIL_FROM,
	RCVD_IN_DNSWL_MED,T_RP_MATCHES_RCVD autolearn=ham version=3.3.1
X-Original-To: archiver@seul.org
Delivered-To: archiver@seul.org
Received: from eugeni.torproject.org (eugeni.torproject.org [38.229.72.13])
	(using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
	(No client certificate requested)
	by khazad-dum.seul.org (Postfix) with ESMTPS id EFFBD1E041F;
	Wed, 10 Jun 2015 01:04:18 -0400 (EDT)
Received: from eugeni.torproject.org (localhost [127.0.0.1])
	by eugeni.torproject.org (Postfix) with ESMTP id 54146354F1;
	Wed, 10 Jun 2015 05:04:12 +0000 (UTC)
Received: from localhost (localhost [127.0.0.1])
 by eugeni.torproject.org (Postfix) with ESMTP id 64254354ED
 for <tor-talk@lists.torproject.org>; Wed, 10 Jun 2015 05:02:34 +0000 (UTC)
X-Virus-Scanned: Debian amavisd-new at 
Received: from eugeni.torproject.org ([127.0.0.1])
 by localhost (eugeni.torproject.org [127.0.0.1]) (amavisd-new, port 10024)
 with ESMTP id tN7yAT3oEO3n for <tor-talk@lists.torproject.org>;
 Wed, 10 Jun 2015 05:02:34 +0000 (UTC)
Received: from continuum.iocl.org (continuum.iocl.org [217.140.74.2])
 by eugeni.torproject.org (Postfix) with ESMTP id A4197354E8
 for <tor-talk@lists.torproject.org>; Wed, 10 Jun 2015 05:02:33 +0000 (UTC)
Received: (from krey@localhost)
 by continuum.iocl.org (8.11.3/8.9.3) id t5A52Uu25695;
 Wed, 10 Jun 2015 07:02:30 +0200
Date: Wed, 10 Jun 2015 07:02:29 +0200
From: Andreas Krey <a.krey@gmx.de>
To: tor-talk@lists.torproject.org
Message-ID: <20150610050229.GB3541@inner.h.apk.li>
References: <cc105048a5f578a05101688c96cbaeea.webmail@localhost>
 <20150609210458.GA3541@inner.h.apk.li>
 <62fcf8bbf4616d8d97b8316b25dee331.webmail@localhost>
Mime-Version: 1.0
Content-Disposition: inline
In-Reply-To: <62fcf8bbf4616d8d97b8316b25dee331.webmail@localhost>
User-Agent: Mutt/1.4.2.1i
X-message-flag: What did you expect to see here?
Subject: Re: [tor-talk] Cloudflare's captcha problems: google's fault
X-BeenThere: tor-talk@lists.torproject.org
X-Mailman-Version: 2.1.15
Precedence: list
Reply-To: tor-talk@lists.torproject.org
List-Id: "all discussion about theory, design,
 and development of Onion Routing" <tor-talk.lists.torproject.org>
List-Unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
List-Archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-Post: <mailto:tor-talk@lists.torproject.org>
List-Help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-Subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, 
 <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: tor-talk-bounces@lists.torproject.org
Sender: "tor-talk" <tor-talk-bounces@lists.torproject.org>

On Tue, 09 Jun 2015 21:31:11 +0000, m8asyom80@sigaint.org wrote:
...
> I hope they don't but it's just a worst case scenario that should be taken
> into account. Even though they can redirect you from https://1111.com to
> https://11l1.com if they wish and MTIM you from there, provided you don't
> notice the address substitution,

They don't need to - when you go to, say, http://questionablecontent.net,
you already end up on their systems, and instead of serving you
the captcha page, they could just as well serve you any malware.
Or additionally. There is no need for a redirect.

As I understand it they also do the SSL termination for their
customer's pages.

And given just how awfully many pages are on cloudflare nowadays
they're either the NSA or a prime target of them.

...
> Someone should ask google: PLEASE, ALLOW YOUR CAPTCHAS TO BE SOLVED WITH
> JAVASCRIPT OFF AGAIN. If google is not intentionally doing this, there
> must be a bug in their captcha system they have not been made aware of.

Seconded, even if it's not my personal issue.

Andreas

-- 
"Totally trivial. Famous last words."
From: Linus Torvalds <torvalds@*.org>
Date: Fri, 22 Jan 2010 07:29:21 -0800
-- 
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

