Computer Security - Re: Anonymizer Tunnel Server Problems

11-20-2003, 05:37 PM

On 20-Nov-2003, starwars <> wrote:

> WTF!!
>
> so when were anonymizer gonna tell their customers? how about some kind of
> official statement?

I agree. I can only assume that this is not normal maintenance or the normal
changing of the keys for better security. I think it was either that they
were hacked or they had system failure

> why should people have to call up (what about
> international customers)?

Well, you don't have to call up. This was the suggestion that F-Secure gave
in it's help files.You can email their support but when you are unable to
tunnel (work) and know from past experiences that when they have a
systemwide failure it takes days to get a reply, that this is unacceptable.

> why couldn't they PGP sign a message somewhere
> about it?

I am embarassed to say that I don't know what this is.

> why the change anyway?

Good question.

> why isn't there ANYTHING on their website
> about this?

Because they are hiding their failures? I use newshosting.com and whenever
there is a problem, they quickly post a message describing the problem and
how long they estimate before it is fixed. They also give you a heads up
about scheduled stuff. This is something a good company will do. A bad
company will not.

> who originally posted this anyway? can they be trusted?

I originally posted this. I am a nobody and not a very knowledgable one
(about security) at that. Can I be trusted? Hell no and I gave that caveat
emptor in my original message.

> why has
> this been done while g dubya's in the uk?

Can you give me any more info on this? I have no clue who it is.

> where can we get a copy of the
> key/fingerprint to verify it with (apart from blindly accepting the new
> one)?

Once again I have to expose my ignorance. I did make a screen shot of the
warning window that F-Secure gave me that has the new key. How can I verify
it? (Apart from blindly accepting it.)

> this is all very curious. we need answers!!
>
> NOW!!

I agree 100%. My only intention when I posted the original message was to
help those who would be doing the same thing I did. Since their customer
support hours are from 7:30 AM PST, and this had happened sometime during
the night, I began calling them at 7:15 and was getting their night message
until about 7:45 AM at which time I finally got through and put in the call
que and waited for 2 hours for someone to answer and confirm they had
changed their key and that I was not under attack from the man in the
middle.

As a side benefit, I am glad that my post created these additional concerns.
I am EXTREMELY dissatisfied with their service especially in the last 6
months or so when they have had several server failures (and no redundancy).
Dealing with their support people during this time is like dealing with very
unhappy, even jaded employees who are being shot at by the customers and
under supported by the company.

Colonel Kernel@sys32.com

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search

11-20-2003, 05:37 PM	#1
	Re: Anonymizer Tunnel Server Problems On 20-Nov-2003, starwars <> wrote: > WTF!! > > so when were anonymizer gonna tell their customers? how about some kind of > official statement? I agree. I can only assume that this is not normal maintenance or the normal changing of the keys for better security. I think it was either that they were hacked or they had system failure > why should people have to call up (what about > international customers)? Well, you don't have to call up. This was the suggestion that F-Secure gave in it's help files.You can email their support but when you are unable to tunnel (work) and know from past experiences that when they have a systemwide failure it takes days to get a reply, that this is unacceptable. > why couldn't they PGP sign a message somewhere > about it? I am embarassed to say that I don't know what this is. > why the change anyway? Good question. > why isn't there ANYTHING on their website > about this? Because they are hiding their failures? I use newshosting.com and whenever there is a problem, they quickly post a message describing the problem and how long they estimate before it is fixed. They also give you a heads up about scheduled stuff. This is something a good company will do. A bad company will not. > who originally posted this anyway? can they be trusted? I originally posted this. I am a nobody and not a very knowledgable one (about security) at that. Can I be trusted? Hell no and I gave that caveat emptor in my original message. > why has > this been done while g dubya's in the uk? Can you give me any more info on this? I have no clue who it is. > where can we get a copy of the > key/fingerprint to verify it with (apart from blindly accepting the new > one)? Once again I have to expose my ignorance. I did make a screen shot of the warning window that F-Secure gave me that has the new key. How can I verify it? (Apart from blindly accepting it.) > this is all very curious. we need answers!! > > NOW!! I agree 100%. My only intention when I posted the original message was to help those who would be doing the same thing I did. Since their customer support hours are from 7:30 AM PST, and this had happened sometime during the night, I began calling them at 7:15 and was getting their night message until about 7:45 AM at which time I finally got through and put in the call que and waited for 2 hours for someone to answer and confirm they had changed their key and that I was not under attack from the man in the middle. As a side benefit, I am glad that my post created these additional concerns. I am EXTREMELY dissatisfied with their service especially in the last 6 months or so when they have had several server failures (and no redundancy). Dealing with their support people during this time is like dealing with very unhappy, even jaded employees who are being shot at by the customers and under supported by the company. Colonel Kernel@sys32.com