2/28/2024 0 Comments Ultrasurf blocked![]() ![]() I had a face to face meeting in early December of 2011 to discuss my findings with the lead developer of Ultrasurf and to give them time to fix the problems that I discovered. I believe that coordinated disclosure is reasonable in most cases and I ensured that Ultrasurf was notified long before the publication of this blog post. Newer versions appear to have different, not yet blocked, addresses baked into the program. ![]() As of early April 2012, an independent tester confirmed many of my findings from China the versions of Ultrasurf tested did directly connect to blocked addresses and did not in-fact work at all. Additionally, a number of interesting data points in my research paper came from interception devices in Syria. Most of my research was done while traveling in Brazil, Canada, Germany, and very small amount of it was performed in the US. My report is available for download from the following link: Unfortunately for them, I found their claims to be overstated and I found a number of serious problems with Ultrasurf. Ultrasurf is software produced by the UltraReach company for censorship circumvention, privacy, security and anonymity. Additionally, a few people had asked me what I thought of the software and in order to form an opinion, I decided to dig deeper. My interest in reverse engineering Ultrasurf comes entirely because I have seen people promoting it without also offering evidence that it is safe. This research was performed as a labor of love and it was funded work. I'm still learning and while I have a lifetime of learning to do on the topic, I chose to audit Ultrasurf as a challenge. In the summer of 2011, I spent a few months learning how to effectively reverse engineer Windows software.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |