[Dailydave] ndr.py and sarah palin

Dave Korn dave.korn at artimi.com
Wed Sep 17 14:30:43 EDT 2008


Dave Aitel wrote on 17 September 2008 18:44:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> http://wikileaks.org/wiki/Sarah_Palin_Yahoo_inbox_2008

From that page:

"Nb. The 'ctunnel.com' reference in the browser screen shots is to a proxy
service used to prevent the activists from being traced."

  That intrigued me, so I browsed to ctunnel.com.  Not being the
default-script-running type, I got a blank page, except for the html title
"Ctunnel.com will protect your anonymity on the internet, helping you evade
url and ip filters!".  So I looked at the source, and it's full of stuff like
....

		<script type='text/javascript'>
		var myArray=new Array();
				myArray[0] =
'%0n%0n%0n%0n%0n<Oe><oe>%0n%0n<gnoyr jvqgu=65%25><gq><gnoyr jvqgu=100%25
otpbybe=qqqqqq pryycnqqvat=3><gq>%0n<n
uers=%22uggcf://jjj.Pghaary.pbz%22>Ranoyr FFY Rapelcgvba</n><oe>%0n%0n<sbez
anzr=%22ybtva%22
npgvba=%22uggc://pghaary.pbz/vaqrk.cuc/1010110N/20099p53o71244739q9oqr36531890
0%22 zrgubq=cbfg>%0n<vachg anzr=%22hfreanzr%22 fvmr=66
inyhr=%22uggc://jjj.LbhGhor.pbz%22><vachg glcr=fhozvg inyhr=%22   Ortva
Oebjfvat   %22><Oe>%0nVafgnag Zrffratref: <n
uers=%22uggc://pghaary.pbz/vaqrk.cuc/1010110N/30509851s71q4n2op08nqq3143444040
717794pop324pr5sn1ns7q684op792410s2618900%22>Zfa</n> <n
uers=%22uggc://pghaary.pbz/vaqrk.cuc/1010110N/30509851s71q4n2op08nqq3143444040
717794pop324pr5sn1ns7q6451p492410s2618900%22>NVZ</n> <n
uers=%22uggc://pghaary.pbz/vaqrk.cuc/1010110N/30509851s71q4n2op08nqq3143444040
717794pop324pr5sn1ns7q7p59p1q35r4926o39r18900%22>Lnubb</n> <n uers=%


  Now.  I haven't decoded and read this yet, but I recognise that XYYZ://
pattern anywhere.

  So let me see if I've guessed this right: it's a proxy that rewrites all
your URLs in rot-13?  And this is supposed to "protect your anonymity"?

  Those activists are screwed.  They better get out of the country PDQ.
Pardon me, but I'll be sticking with proper mix chains for now.



  Oh, and TRWTF?  The decoder function is pretty FAIL:

// Despite the name, this is ROT13, not base64.
function base64(src)
{
	var dst=new String('') ; var len=src.length ; var b ; var t=new String('') ;
	if(len > 0) {
		for(var ctr=0; ctr<len ; ctr++) {
			b=src.charCodeAt(ctr);
			// A-M and a-m move up 13 places
			if( ( (b>64) && (b<78) ) || ( (b>96) && (b<110) ) ) {
				b=b+13;
			} else { if( ( (b>77) && (b<91) ) || ( (b>109) && (b<123) ) ) {
				b=b-13; // N-Z and n-z move down 13 places
			} }
			t=String.fromCharCode(b) ; dst=dst.concat(t) ;
		}
	}
	return dst;
}


    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....
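
Added example, not part of the original post and not ctunnel.com's code: a JavaScript sketch of how a content filter or network monitor could recover the destination URLs from the rewritten markup quoted in the message, since ROT13 has no key. SAMPLE is an excerpt of that markup with the mail line-wrap joined; the function names are illustrative assumptions.

```javascript
// Added example: ROT13 is keyless and self-inverse, so anyone who can see
// the bytes on the wire can read them.
function rot13(s) {
  return s.replace(/[A-Za-z]/g, (c) => {
    const base = c <= 'Z' ? 65 : 97; // 'A' or 'a'
    return String.fromCharCode(((c.charCodeAt(0) - base + 13) % 26) + base);
  });
}

// In the quoted markup ROT13 was applied over the percent-escapes as well
// ("%0n" is "%0a"), so undo ROT13 first and percent-decode second.
function decodeMarkup(s) {
  const plain = rot13(s);
  try {
    return decodeURIComponent(plain);
  } catch (e) {
    return plain; // malformed or truncated escape: keep the ROT13-decoded text
  }
}

// Find ROT13-encoded http(s) URLs ("uggc://", "uggcf://") in a captured
// body and return them decoded, as a filter or IDS rule could.
function findRot13Urls(body) {
  const hits = body.match(/uggcf?:\/\/[^\s"'<>%]+/gi) || [];
  return hits.map(rot13);
}

// Excerpt of the markup quoted in the message (mail line-wrap joined).
const SAMPLE =
  '<n uers=%22uggcf://jjj.Pghaary.pbz%22>Ranoyr FFY Rapelcgvba</n><oe>%0n' +
  '<vachg anzr=%22hfreanzr%22 fvmr=66 inyhr=%22uggc://jjj.LbhGhor.pbz%22>';

console.log(findRot13Urls(SAMPLE));
console.log(decodeMarkup(SAMPLE));
```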


