[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Warnings on the download page

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Warnings on the download page
From: James Muir <jamuir@xxxxxxxxxxxxxxx>
Date: Thu, 08 Mar 2007 23:37:59 -0500
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Thu, 08 Mar 2007 23:37:50 -0500
In-reply-to: <45F0BC7E.3050400@gmail.com>
References: <200703081612.10419.torspam@metasploit.com> <45F09C88.1030302@scs.carleton.ca> <200703081740.43455.torspam@metasploit.com> <45F0B229.6050709@scs.carleton.ca> <45F0BC7E.3050400@gmail.com>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Thunderbird 1.5.0.9 (X11/20070104)

Watson Ladd wrote:

If there is a security manager, its checkConnect method is called
with the proxy host address and port number as its arguments. This
could result in a SecurityException.

Just configure the security manager to prevent unproxyed connections.

Even if all Java connections are proxied through Tor, it is still possible to read the end user's IP address locally and submit it to the server that originated the applet. Java, along with all other browser plugins, should be disabled.

By the way, I just had another look at Roger and Mike's warning on the download page (it's now repositioned above the download links). I think it's very well done. Good work!

-James

References:
- Re: Warnings on the download page
  - From: H D Moore
- Re: Warnings on the download page
  - From: James Muir
- Re: Warnings on the download page
  - From: H D Moore
- Re: Warnings on the download page
  - From: James Muir
- Re: Warnings on the download page
  - From: Watson Ladd

Prev by Author: Re: Warnings on the download page
Next by Author: Re: Removing 1 modular exponentiation
Previous by thread: Re: Warnings on the download page
Next by thread: Re: Warnings on the download page
Index(es):
- Author
- Thread