[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Insecurities in Privoxy Configurations - Details

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Insecurities in Privoxy Configurations - Details
From: Juliusz Chroboczek <Juliusz.Chroboczek@xxxxxxxxxxxxxx>
Date: Sun, 02 Dec 2007 20:23:02 +0100
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sun, 02 Dec 2007 14:23:13 -0500
In-reply-to: <20071130202328.GU20802@xxxxxxxxxxxxxx> (Roger Dingledine's message of "Fri\, 30 Nov 2007 15\:23\:28 -0500")
References: <E392FF2E-F012-4B8D-89E4-F921284C2777@xxxxxxxxx> <20071130202328.GU20802@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Gnus/5.11 (Gnus v5.11) Emacs/22.1 (gnu/linux)

> 1) Those of us who use polipo should pay attention too, and make sure
> to put
>   disableLocalInterface=true
> in our polipo config file. Otherwise a remote attacker can reconfigure
> our polipo out from underneath us, examine our cache to see where we've
> been browsing, etc.

FWIW, both the cache index and the list of recently accessed servers
are disabled by default.  Reconfiguring Polipo is enabled by default,
and I agree that it is a good idea to disable it, ass suggested by
Roger above.

I'm trying to put together all hints about running Polipo with Tor on

  http://www.pps.jussieu.fr/~jch/software/polipo/tor.html

Please send your additions to the Polipo-users@xxxxxxxxxxxxxxxxxxxxx
mailing list.

Thanks,

                                        Juliusz

Prev by Author: Re: Can Tor run WITHOUT Pivoxy ?
Next by Author: Re: Help me understand tor with SSL?
Previous by thread: Re: Reducing java leakage in windows
Next by thread: [Politics/Legal] Re: German Tor Legal Fund
Index(es):
- Author
- Thread