[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
[tor-bugs] #8558 [Quality Assurance and Testing]: Re-verify app-launching defenses on Windows
#8558: Re-verify app-launching defenses on Windows
-------------------------------------------+--------------------------------
Reporter: mikeperry | Owner: cypherpunks
Type: task | Status: new
Priority: major | Milestone:
Component: Quality Assurance and Testing | Version:
Keywords: tbb-rebase-regression | Parent:
Points: | Actualpoints:
-------------------------------------------+--------------------------------
Rsnake claims that some stuff he did 3 years ago still works on TBB. We
certainly fixed the two vectors he mentioned (itms and smb) with
Torbutton, but it is possible that one or more random things have been
broken/undone by FF17. We should retest as many of them as we can,
especially on Windows. Especially since Rsnake seems insistent on being as
unhelpful as possible :/. Gotta love timewasters....
Most decloaking attacks are based on plugins, which are disabled by a
Firefox patch and also by Firefox settings, but the following two
decloak.net attacks should be retested:
1. "When the iTunes is installed, it registers the itms:// protocol
handler. This protocol handler will open iTunes and do a direct connection
to the specified URL. There are some restrictions on the URL you can pass,
but we found a nice way around them :-)"
2. "When Microsoft Office is installed and configured to automatically
open documents, a file can be returned which automatically downloads an
image from the internet. This can bypass proxy settings and expose the
real DNS servers of the user."
Unfortunately, decloak.net is now down, so the exact itms url it used is
unavailable (unless the source is still around somewhere).
Also, this test should be verified on Windows:
http://pseudo-flaw.net/tor/torbutton/ipleak-dotnet-assistant.html
I think the .NET assistant addon might need to be explicitly installed
these days. It used to auto-install with some piece of .NET but then
Mozilla blacklisted it. They may have removed the blacklist, though...
Also, we should try some SMB urls on windows. Native Firefox SMB handling
appears to be unimplemented still, but it may be possible to shove
something in the registry that enables an external handler:
http://kb.mozillazine.org/Register_protocol#Windows
http://msdn.microsoft.com/en-us/library/aa767914.aspx
Such external handlers *should* still be blocked by Torbutton, though.
They certainly are on MacOS and Linux...
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/8558>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs