Re: Introducing Torfox 3.0.10

["Alexander Cherepanov" <cherepan@xxxxxxxx>]

Hello, Jacob!
You wrote to or-talk@xxxxxxxxxxxxx on Wed, 10 Jun 2009 09:47:41 -0700:

>> I think it just appeals to a different style of usage. That's the reason I
>> wanted to make it anyways. I've disabled Java, set it to auto delete private
>> data on shutdown, etc. I'm looking for input as far as what kinds of
>> protection needs to be added.
> 
> I'm not sure what you mean when you say that it appeals to a different
> style of usage.

Don't know about Tor Fox's style of usage but one of my setups is a 
firefox without plugins with javascript turned off going through tor 
via privoxy. Is torbutton really needed in such a setup? The only 
problem I can immediately see is css-only history stealing.

Alexander Cherepanov

P.S. Probably of interest to tor community:
New paper by Amit Klein (Trusteer) - "Temporary user tracking in major 
browsers and Cross-domain information leakage and attacks". The
paper is available to download from the following page:

http://www.trusteer.com/temporary-user-tracking-in-major-browsers

Abstract:
User tracking across domains, processes (in some cases) and windows/tabs is
demonstrated by exploiting several vulnerabilities in major browsers
(Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, and to a
limited extent Google Chrome). Additionally, new cross-domain
information leakage, and cross domain attacks are described, which
provide a foundation for attacks such as "in session phishing".