[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: building pages with tor in mind



You might also look at some of the exploits Kevin McCurley has on
the digicrime site. I don't think he's updated them for years, but
they're still there. James Muir has already pointed to some of the
similar exploits he's done.

The particular exploit that I think Paul is alluding to here (which I haven't mentioned previously) is the following: in the latest Java API, the constructor for the Socket class has been designed to allow connections which by-pass proxies. So, if you have the Java 1.5 or later VM enabled, you should beware that applets can open non-proxied connections, regardless of both the proxy settings in your browser and the proxy setting you set in the Java Control Panel.


-James