|
> Date: Wed, 14 Jul 2010 22:26:26 +0100 > From: pumpkin@xxxxxxxxx > To: or-talk@xxxxxxxxxxxxx > Subject: Re: Torbutton Documentation - Adversary Capabilities. > > So to go back to the OP's question (my question)....what do people think > of my questions about _javascript_ being able to obtain non-Tor IPs when > wiping the cache? I may need correcting here, but I believe that things like _javascript_ timers are stored in memory as part of the page's Document Object Model (DOM), and DOM Storage attacks are one of the things that Torbutton protects against. The DOM disappears when the window or tab is closed anyway. Furthermore, if Torbutton is set up correctly, the cache in the Tor state is isolated from the cache in the Non-Tor state, so stored .js files can't come back to bite you. GD The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. Get busy. |