Re: HTML5 deanonymization attacks

Gregory Maxwell wrote:
> It's not clear from the slides exactly how the video tags are supposed
> to be bypassing tor. Is this saying that the poster attribute bypasses
> the proxy settings?  It doesn't appear to do so here for me in
> Firefox.
Firefox 3.5 does NOT support the poster attribute: this is what I wrote
in the slides as "safe by broken implementation".

The overall idea is to open a side channel via ftp, hoping the browser
will ignore the HTTP proxy as it is not supposed to be able to proxy
that protocol. As I said here some time ago
(http://archives.seul.org/or/talk/Jul-2009/msg00002.html), if you stick
with Firefox and TorButton you're safe. And, well, outside this mailing
list it's not as obvious as it seems: I enjoy giving talks here in
Italy on how Tor works and on how you should use it, and there are too
many people asking if they're safe using e.g. Firefox and Foxy Proxy or
any other browser.


--
Marco Bonetti
Slackintosh Linux Project Developer: http://workaround.ch/
Linux-live for powerpc: http://workaround.ch/pub/rsync/mb/linux-live/

My GnuPG key id: 0x0B60BC5F
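
The proxy coverage gap described in the message above can be checked from a Firefox profile. This is an added example, not part of the original e-mail: it parses a `prefs.js` and reports which URL schemes would connect directly under manual proxy settings. Both sample preference files are constructed, and the fallback order (per-scheme proxy, then SOCKS, then direct) is an assumed, simplified model of Firefox's manual proxy mode.

```python
import re

# Matches lines such as: user_pref("network.proxy.http_port", 8118);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')

# URL scheme -> suffix of the network.proxy.* preference that covers it.
SCHEMES = {"http": "http", "https": "ssl", "ftp": "ftp"}

# Constructed sample: HTTP and HTTPS go to a local HTTP proxy, FTP is not set.
HTTP_ONLY = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "127.0.0.1");
user_pref("network.proxy.http_port", 8118);
user_pref("network.proxy.ssl", "127.0.0.1");
user_pref("network.proxy.ssl_port", 8118);
'''

# Constructed sample: no per-scheme proxies, everything falls back to SOCKS.
SOCKS_ALL = '''
user_pref("network.proxy.type", 1);
user_pref("network.proxy.socks", "127.0.0.1");
user_pref("network.proxy.socks_port", 9050);
'''

def parse_prefs(text):
    """Return {pref name: str or int} for the user_pref() lines in text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            name, raw = m.groups()
            prefs[name] = raw.strip('"') if raw.startswith('"') else (
                int(raw) if raw.lstrip("-").isdigit() else raw)
    return prefs

def route(prefs, scheme):
    """Classify one scheme as 'proxy', 'socks', 'direct' or 'unknown'."""
    mode = prefs.get("network.proxy.type", 0)
    if mode != 1:                      # 0 = no proxy; PAC/system not modelled
        return "direct" if mode == 0 else "unknown"
    key = "network.proxy." + SCHEMES[scheme]
    if prefs.get(key) and prefs.get(key + "_port", 0):
        return "proxy"
    if prefs.get("network.proxy.socks") and prefs.get("network.proxy.socks_port", 0):
        return "socks"
    return "direct"

def direct_schemes(text):
    """List the schemes that would leave the machine without any proxy."""
    prefs = parse_prefs(text)
    return [s for s in SCHEMES if route(prefs, s) == "direct"]
```
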