[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-bugs] Re: #1579 [Tor-Torbutton]: ETag and If-None-Match header can link multiple requests to the same page

To: undisclosed-recipients:;
Subject: [tor-bugs] Re: #1579 [Tor-Torbutton]: ETag and If-None-Match header can link multiple requests to the same page
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 22 Jun 2010 11:53:07 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivered-to: tor-bugs-outgoing@xxxxxxxx
Delivered-to: tor-bugs@xxxxxxxxxxxxxx
Delivery-date: Tue, 22 Jun 2010 07:53:16 -0400
In-reply-to: <043.119b490c1b323e4c1a7ae2aa083c2820@xxxxxxxxxxxxxx>
References: <043.119b490c1b323e4c1a7ae2aa083c2820@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: owner-tor-bugs@xxxxxxxxxxxxxx

#1579: ETag and If-None-Match header can link multiple requests to the same page
----------------------------+-----------------------------------------------
  Reporter:  bee            |       Owner:  mikeperry
      Type:  enhancement    |      Status:  closed   
  Priority:  minor          |   Milestone:           
 Component:  Tor-Torbutton  |     Version:           
Resolution:  duplicate      |    Keywords:           
    Parent:                 |  
----------------------------+-----------------------------------------------

Comment(by bee):

 That's untrue!!!!!! So, what you're shipping now, is an "out of the box"
 vulnerable product!!!!! yeah, three years and you didn't found yet a
 working solution for this flaw!!!!!!!!!!!!!!
 As a matter of fact, the exploit page continues to work against
 TorButton!!!!!!!!!(the "out of the box TorButton"!!!)
 Also, it's your way the way to defeat the flaw disabling all the caches
 mechanisms!!!!! It's effective, but it sounds strange to me too!!!
 although if you didn't found better ways, it's better than nothing!!!!
 Yet, you aren't using it either!!!!

 Nevertheless, i've to say that in place of a TBB with all features active,
 to work "out of the box" together with all the possible imaginable
 flaws!!! i do prefer a TBB like factorbee!!! where many features are
 disabled and whenever you need them, you can switch on what you need, when
 and whether you need it!!!!!! "deny all, but allow this and that"!!!!!

 In the meantime ETags or just cookies, can be used to keep a thread of
 what you're doing!!!! until you toggle the button or clear the caches!!!

 ~bee!!!!!!!

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/1579#comment:10>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

References:
- [tor-bugs] #1579 [Tor-Torbutton]: Tracking users
  - From: Tor Bug Tracker & Wiki

Prev by Author: [tor-bugs] #1583 [Tor-Tor Control Panel]: There's sometimes an extra space in STREAM events sent by the controller.
Next by Author: [tor-bugs] Re: #1576 [EFF-HTTPS Everywhere]: Fail to recognise some non-US google searches
Previous by thread: [tor-bugs] Re: #1579 [Tor-Torbutton]: ETag and If-None-Match header can link multiple requests to the same page
Next by thread: [tor-bugs] #1580 [Tor - Company]: restricted networks for serra
Index(es):
- Author
- Thread