+ Post New Thread
Page 2 of 2 FirstFirst 12
Results 16 to 23 of 23
Windows Thread, Proxy bypass details in cookies in Technical; Would agree with Jona - passwords need never be stored in cookies, and its unlikely you'll find much, as the ...
  1. #16


    tom_newton's Avatar
    Join Date
    Sep 2006
    Location
    Leeds
    Posts
    4,507
    Thank Post
    871
    Thanked 862 Times in 681 Posts
    Rep Power
    199
    Would agree with Jona - passwords need never be stored in cookies, and its unlikely you'll find much, as the "decision" is made at facebook/bebo etc., the proxies merely proxy cookies in the same way they do HTML.

    None of the common proxy tools I have... dismantled.. come with password pinching as standard. The usual way to make money is from adwords (though its against google's ToS to do this except on the front page...).

    Of course I am going to advocate use of real content filtering to block proxies, as "scare tactics" only go so far. Would still employ the old "bogeymans gunna get you" line though, as its certainly inadvisable to use a proxy in *any* scenario, and, for example, to be caught using one in a commercial/work environment is much more serious, so it is arguably a good education!

  2. #17
    theeldergeek
    Guest
    Quote Originally Posted by Theblacksheep View Post
    We ban all proxies, we dont allow searching for proxies and we get an email warning from our server when anyone is searching for them. We VNC and warn anyone doing so to get off straight away.

    We also watch what sites arent categorised and add them to the lists as we go.

    The most effective thing i've found are keywords that prevent searching i the first place. Alot of students have given up and used their mobile phones.
    OK, let me make it clear - we too DO NOT allow proxies, nor the searching of, and we too have banned many, many sites.

    We also have prevented keyword searching.

    However, youngsters being youngsters, they will find ways to circumnavigate any defence you put in place.

    There is nothing to stop them utilising their own home connections to make a list, scribble it down, and bring it to school. So long as it hasn't already been blocked, or doesn't contain keywords, then it is wide open.

    We found one the other day 'jeremyfones.com' or similar - who would think a site called that offered a proxy!?!?

  3. #18
    theeldergeek
    Guest
    Quote Originally Posted by j17sparky View Post
    Just use a content filter then you dont need to "scare" kids as they wont be getting on any baughty sites eitherway
    And this works for you? Perhaps you can explain how you implement a content filter, and how you would ensure this worked when students access sites thru a proxy by-pass?

    The idea to "scare" them however, is a two pronged approach.

    Firstly, it will stifle their desire to access proxy by-pass sites if they think the ICT Teks can then see their account details.

    Secondly, it will maybe educate them for the future.

    I don't hold out any hope for the latter, the former would mean an awful lot less work for us in the long run and probably work far better than any 'education' on the matter!

    Anyway, over to you concerning the content filter....

  4. #19
    enjay's Avatar
    Join Date
    Apr 2007
    Location
    Reading, Berkshire, UK
    Posts
    4,497
    Thank Post
    282
    Thanked 196 Times in 167 Posts
    Rep Power
    76
    Quote Originally Posted by Tx2online View Post
    erm... but if that's publicly possible anyway, we won't be able to shock them into realising we can effectively 'hack' their details when they are using our network.
    True, but it will hopefully shock them into realising just how much information about themselves they put out there for all the world to see, which is arguably a more important lesson than making them realise that a proxy by-pass site might harvest their MySpace details.

  5. #20
    zag
    zag is offline
    zag's Avatar
    Join Date
    Mar 2007
    Posts
    4,002
    Thank Post
    983
    Thanked 477 Times in 398 Posts
    Blog Entries
    12
    Rep Power
    98
    I just signed up to the mailing list of new proxies on my webmail account. It send through a list every now and then new ones which we block.

    Seems to work for us. No idea why smartfilter cant do this as a company though, they seem very slow at blocking this particular type of site.

  6. #21


    Join Date
    Oct 2006
    Posts
    3,414
    Thank Post
    184
    Thanked 356 Times in 285 Posts
    Rep Power
    149
    Quote Originally Posted by Tx2online View Post
    And this works for you? Perhaps you can explain how you implement a content filter, and how you would ensure this worked when students access sites thru a proxy by-pass?
    Yes it works. It isnt like a black-list/white-list one, it actually looks at the content of the page not just the URL. Without going into detail it just looks for key words and passes judgment on the site based on the naughty words, but also looks at common phrases wi=hcih include naughty words but in a non-naughty context ie The Naked Chef, Blue Tits

    Have a word with Tom_Newton. He works for a company called Smoothwall. Obviously he is going to sell his product but listen to him, the product works and afaik i havnt seen him telling porkies on this forum.

    Heres what his product is built on, if you know your stuff on linux you could build your own. Or you could use a free proxy and mod it with Dansguardian - Smoothwall Community is an example.
    DansGuardian - True Web Content Filtering for All
    Last edited by j17sparky; 2nd April 2008 at 03:53 PM.

  7. #22
    theeldergeek
    Guest
    Quote Originally Posted by NickJones View Post
    True, but it will hopefully shock them into realising just how much information about themselves they put out there for all the world to see, which is arguably a more important lesson than making them realise that a proxy by-pass site might harvest their MySpace details.
    In all honesty I'm more concerned with them accessing a proxy by-pass site in school, on my time, when i then have to spend time sorting it out when I already have a workload that could easily employ another tech.

    Whilst we all perhaps have a moral/social responsibility in respect of online safety, that is for another conversation at another time. Even if I did convince the kids to not reveal all that they do on these sites, and they followed my advice, would it stop them accessing such? Would they suddenly stop accessing anything via proxy by-pass? I doubt it...

    No, my concern is stopping the proxy by-pass in the first place - I want a method that will make them think twice about doing so, and the 'shock and awe' method of them realising that their account details might be exposed in a cookie because they access these sites using a by-pass seemed a good solution - unfortunately, it doesn't seem cookies that these sites generate contain enough info to do that.

    Blocking sites, banning searches on keywords, and locking user accounts is going to be a long slog i fear.

  8. #23

    SYNACK's Avatar
    Join Date
    Oct 2007
    Posts
    11,271
    Thank Post
    884
    Thanked 2,749 Times in 2,322 Posts
    Blog Entries
    11
    Rep Power
    785
    I had a thought, the main objection is that it could be wrong legally to snoop on the data using the privileges that are given to us by our jobs. A fairly good way around this would be to start your own proxy site and carefully disseminate the information so that the students did not know that it was the school itself.

    They are then choosing to use your service that can grab details that they provide. just put an eula on the thing in really tiny writing that it may be monitored for quality control or something and you should be sorted.

    Let it run for a couple of weeks then call the offending students up at assembly to receive their own passwords on a bit of paper. Shock, Awe and shame the trifecta of learning. (just kidding discression would probably be advised)


    I'm sure that there it some open source software out there that would let you set up a proxy like that.

    Edit: Oops, this should be in your other thread.
    Last edited by SYNACK; 2nd April 2008 at 04:57 PM. Reason: mistake



SHARE:
+ Post New Thread
Page 2 of 2 FirstFirst 12

Similar Threads

  1. proxy bypass sites
    By bishopsgarthstockton in forum Links
    Replies: 77
    Last Post: 7th December 2006, 12:29 PM
  2. Proxy Bypass Websites
    By ticker in forum Windows
    Replies: 13
    Last Post: 24th May 2006, 10:28 AM

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •