Reducing java leakage in windows
- To: or-talk@xxxxxxxxxxxxx
- Subject: Reducing java leakage in windows
- From: Arrakis <arrakistor@xxxxxxxxx>
- Date: Sun, 02 Dec 2007 13:02:36 -0600
It appears that Java attacks for causing external IP data to be leaked
can be mitigated to some good degree. The upshot is that you can now run
Java applets that, even when attempting to phone home directly (revealing
your IP), are routed through the socks port and thus Tor or any
other socks-speaking application. What we are doing is changing the
proxy settings of the Java Control Panel in windows. The following will
shortly be applied to xB Browser after testing, and I highly suggest it
for other proxy programs. Needs lots of testing of course, and I would
also like to know if Java applets can acquire the authority to modify
that file as well. May require administrative access, but I imagine
Vista will popup a priv escalation window. There are probably variations
in the directories and syntax if you are running JRE <1.4. A good
indicator of old versioning is to see if your shoes employ the use of
velcro, you have a pair of 'jams' in your closet, or you've found
yourself to be too legitimate to quit.
Regards,
Steve Topletz
-------------
1. Look for $APPDATA\Sun\Java\Deployment\deployment.properties
If there is no deployment.properties file there, try all administrative
usernames we can enumerate until we find the file. This is not a certainty.
2. Back up deployment.properties to a new file name.
3. Open it up
4. Read and store all lines beginning with "deployment.version"
5. Read and store all lines beginning with "deployment.javapi"
6. Close the file
7. Create a new file deployment.properties where the old one was.
8. Open the file
9. Insert the following lines
#deployment.properties
deployment.system.tray.icon=false
deployment.browser.vm.iexplorer=false
deployment.proxy.socks.host=localhost
deployment.proxy.type=1
deployment.proxy.same=true
deployment.browser.vm.mozilla=false
deployment.capture.mime.types=true
deployment.proxy.socks.port=8080
(where port 8080 is your socks port. in Tor, use 9050 by default)
10. Write all previously stored lines from old opened file.
11. Close the new deployment.properties
Continue starting your proxy program
On program exit...
12. Delete the deployment.properties file we created.
13. Restore the deployment.properties file we backed up.
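A worked implementation of the 13 steps above, added here as an example; it is not the post's or xB Browser's code. It keeps the post's property lines verbatim and carries over the deployment.version and deployment.javapi lines in their original order. The default path built from %APPDATA% (the post writes $APPDATA), the backup file name deployment.properties.orig, the ISO-8859-1 encoding (the Java Properties file format), the default port 9050 and the constructed sample file are this example's own assumptions.

```python
"""Rewrite Java's deployment.properties so applets phone home through a local SOCKS port.

Added example implementing the 13-step procedure from the post; not xB Browser's code.
Assumptions: backup name deployment.properties.orig, ISO-8859-1 encoding (the Java
Properties format), default SOCKS port 9050 (Tor), and the constructed SAMPLE_OLD file.
"""
import os
import shutil
import tempfile
from pathlib import Path

# Lines the post inserts (step 9), minus the port, which is filled in per proxy.
PROXY_SETTINGS = [
    "deployment.system.tray.icon=false",
    "deployment.browser.vm.iexplorer=false",
    "deployment.proxy.socks.host=localhost",
    "deployment.proxy.type=1",
    "deployment.proxy.same=true",
    "deployment.browser.vm.mozilla=false",
    "deployment.capture.mime.types=true",
]
# Lines carried over from the old file (steps 4 and 5).
KEEP_PREFIXES = ("deployment.version", "deployment.javapi")
# Java Properties files are ISO-8859-1; assumed to hold for this file too.
ENCODING = "latin-1"

# Constructed sample of an existing deployment.properties (not a real capture).
SAMPLE_OLD = (
    "#Java Deployment jre\n"
    "deployment.version=1.6\n"
    "deployment.proxy.type=3\n"
    "deployment.javapi.lifecycle.exception=false\n"
)


def default_properties_path():
    """Step 1: %APPDATA%\\Sun\\Java\\Deployment\\deployment.properties for the current user."""
    appdata = os.environ.get("APPDATA")
    if not appdata:
        raise RuntimeError("APPDATA is not set; this lookup only works on Windows")
    return Path(appdata) / "Sun" / "Java" / "Deployment" / "deployment.properties"


def build_properties(old_text, socks_port):
    """Steps 4, 5, 9 and 10: header and proxy lines first, then the kept lines in original order."""
    kept = [line for line in old_text.splitlines() if line.startswith(KEEP_PREFIXES)]
    new_lines = (
        ["#deployment.properties"]
        + PROXY_SETTINGS
        + [f"deployment.proxy.socks.port={int(socks_port)}"]
        + kept
    )
    return "\n".join(new_lines) + "\n"


def backup_path(path):
    """Assumed backup name: deployment.properties.orig beside the original."""
    return path.with_name(path.name + ".orig")


def install(path, socks_port=9050):
    """Steps 1-11. Returns the backup path.

    Refuses to run if a backup already exists: that means a previous run never
    reached restore(), and overwriting the backup would lose the user's real file.
    """
    path = Path(path)
    backup = backup_path(path)
    if backup.exists():
        raise FileExistsError(f"{backup} exists; restore it before installing again")
    if not path.exists():
        # The post suggests trying other users' profiles; not attempted here.
        raise FileNotFoundError(path)
    shutil.copy2(path, backup)                                                   # step 2
    old_text = path.read_text(encoding=ENCODING)                                 # steps 3-6
    path.write_text(build_properties(old_text, socks_port), encoding=ENCODING)   # steps 7-11
    return backup


def restore(path):
    """Steps 12 and 13: drop the file we wrote and put the backup back."""
    path = Path(path)
    backup = backup_path(path)
    if not backup.exists():
        raise FileNotFoundError(backup)
    if path.exists():
        path.unlink()
    backup.replace(path)


def demo():
    """Round trip on SAMPLE_OLD in a temp dir; returns (rewritten_text, restored_text)."""
    with tempfile.TemporaryDirectory() as tmp:
        props = Path(tmp) / "deployment.properties"
        props.write_text(SAMPLE_OLD, encoding=ENCODING)
        install(props, socks_port=9050)
        rewritten = props.read_text(encoding=ENCODING)
        restore(props)
        restored = props.read_text(encoding=ENCODING)
    return rewritten, restored


if __name__ == "__main__":
    rewritten, restored = demo()
    print(rewritten)
    print("restored intact:", restored == SAMPLE_OLD)
```

Call install() on default_properties_path() before launching the proxy program and restore() on exit. The refusal to overwrite an existing backup is the check a practitioner wants here: if the program dies between the two calls, the user's real deployment.properties survives as the .orig file instead of being replaced by the proxied version on the next run.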