[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Reducing java leakage in windows
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Reducing java leakage in windows
- From: Arrakis <arrakistor@xxxxxxxxx>
- Date: Sun, 02 Dec 2007 22:58:50 -0600
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Mon, 03 Dec 2007 00:01:29 -0500
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; bh=OSacj/dW00XCiLaJi7/IIYFFNzkDOe9oOxPcpaYdiRE=; b=P/M8yZIZcov0Qa1OcJHchV+WMTX4+EKTChd+m+gvKRBKf2hRbs3JNd5gr7NIsQsPTfE3rV4+18KYJ0SSHbhpIhn25Rz2J+cs/a7jjWpR0cMqIkS6O86Akhk7bxNAmo+anSYec+1tr//Ffs+06V6O0MGhibmnN0UkxNYM0fxR1eg=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=received:message-id:date:from:user-agent:mime-version:to:subject:references:in-reply-to:content-type:content-transfer-encoding; b=nk8i9ZgeHbFwzEirKhXc0zk6oyF3nIawkJhn0MBS9KqSsOz68v5AGuY13f7rl+RGxKznKBUghdmc9Nd0kpUSyppDv+2dP+9SUV5eS6ZFXKW42Wv5t1BuWmQjkTibUNiaMoRJlpe9xbSRTTl4q0W0A8MuJdG/jb2iPDoyJVZLcHI=
- In-reply-to: <47537F7F.9070800@xxxxxxxxx>
- References: <4753014C.7000408@xxxxxxxxx> <47537F7F.9070800@xxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
- User-agent: Thunderbird 2.0.0.9 (Windows/20071031)
James,
Do you have a copy of these tests? I'm definitely interested in seeing
it. However, I am NOT posing this as a solution to java issues, just
another defense layer. This effectively keeps non-malicious applets from
surreptitious leakage. I highly doubt a determined application would be
cornered in, but most seem to be. Regarding DNS, well that is again
another issue to be looked at, unfortunately.
Steve
James Muir wrote:
> Arrakis wrote:
>> It appears that Java attacks for causing external IP data to be leaked
>> can be mitigated to some good degree. The upshot is that you can now run
>> Java applets that even when attempting to phone home directly (revealing
>> your IP), they are routed through the socks port and thus Tor or any
>> other socks speaking application. What we are doing is changing the
>> proxy settings of the Java Control Panel in windows.
>
> Some time ago, I conducted several tests that demonstrated that Java
> Applets have the ability to disregard proxy settings in the Java Control
> and open direct non-proxied connections. I do not think what you have
> described will work.
>
> -James
>