Anonymous Servers - javascript and TOR


Author javascript and TOR
Anonymous Remailer (austria)

2007-02-12, 7:14 pm

What dangers, if any, are there in using TOR/Privoxy, while
javascript is enabled in the browser?

Anonymous Remailer (austria)

2007-02-12, 7:14 pm


On 12 Feb 2007, Anonymous Remailer (austria)
<mixmaster@remailer.privacy.at> wrote:
>What dangers, if any, are there in using TOR/Privoxy, while
>javascript is enabled in the browser?


The dangers that come from using javascript.

George Orwell

2007-02-12, 7:14 pm

On Mon, 12 Feb 2007 20:01:06 +0000, Anonymous Remailer wrote:

> What dangers, if any, are there in using TOR/Privoxy, while
> javascript is enabled in the browser?


The site can use it to get your ip. Go to stilllistener.com (when it's up)
and try the javascript and Java tests, with and without Java and/or
javascript turned on.

Be sure to also use a proxy for https.

Anon

2007-02-13, 1:15 am

George Orwell <nobody@mixmaster.it> wrote in
news:2edaff709d1616ea4fa172dbb9977f13@mixmaster.it:

> On Mon, 12 Feb 2007 20:01:06 +0000, Anonymous Remailer wrote:
>
>
> The site can use it to get your ip. Go to stilllistener.com (when it's
> up) and try the javascript and Java tests, with and without java
> and/or javascript turned on.
>
> Be sure to also use a proxy for https.
>
>

I went there using the Cotse.net SSH tunnel and Javascript
on, and the only thing it told me was that I had Javascript
on - which I already knew.

I think you may be confusing Java with Javascript when it comes
to finding out your IP address. Have you actually done the
experiment you recommend?

Anon


Steve

2007-02-13, 7:13 am

Anon@anon.org wrote in message news:<IRA33RIV39126.0265740741@anonymous.poster> ...
> George Orwell <nobody@mixmaster.it> wrote in
> news:2edaff709d1616ea4fa172dbb9977f13@mixmaster.it:
>
> I went there using the Cotse.net SSH tunnel and Javascript
> on, and the only thing it told me was that I had Javascript
> on - which I already knew.
>
> I think you may be confusing Java with Javascript when it comes
> to finding out your IP address. Have you actually done the
> experiment you recommend?


Javascript can be used as a vector for attack:

http://blogs.zdnet.com/security/?p=15

Anything that runs local on your machine, regardless of whether or not
at this stage in time it can accomplish anything, is suspect and best
practice is to not allow it. Of course this does mean some sites and
some features on sites will not work, it's a tradeoff.

/steve
--
Packetderm, LLC
Web hosting, SSH Tunneling, Proxies, Advanced E-Mail, Privacy
http://www.cotse.net/areyoureadyforus.html

J.Alfred Prufrock

2007-02-13, 1:13 pm

In article <MPG.203b4dbfc65efb2b98983c@news.newsreader.com>
Steve <dontbother@invalid.none> wrote:
>
> Anon@anon.org wrote in message news:<IRA33RIV39126.0265740741@anonymous.poster> ...
>
> Javascript can be used as a vector for attack:
>
> http://blogs.zdnet.com/security/?p=15
>
> Anything that runs local on your machine, regardless of whether or not
> at this stage in time it can accomplish anything, is suspect and best
> practice is to not allow it. Of course this does mean some sites and
> some features on sites will not work, it's a tradeoff.
>
> /steve
> --
> Packetderm, LLC
> Web hosting, SSH Tunneling, Proxies, Advanced E-Mail, Privacy
> http://www.cotse.net/areyoureadyforus.html


The exploit would appear to function only under some specific
circumstances:

1. Unpatched computers. Does sp2 solve this?
2. Trojan vulnerable computers. Would a firewall
solve this? How about a live CD (read only OS)?

JAP

traveler 66

2007-02-14, 7:13 pm

On 14 Feb 2007 00:35:24 -0000, J.Alfred Prufrock wrote:

> In article <MPG.203b4dbfc65efb2b98983c@news.newsreader.com>
> Steve <dontbother@invalid.none> wrote:
>
> The exploit would appear to function only under some specific
> circumstances:
>
> 1. Unpatched computers. Does sp2 solve this?
> 2. Trojan vulnerable computers. Would a firewall
> solve this? How about a live CD (read only OS)?
>
> JAP


You're right, any tests that I tried with my surf account only showed JAVA
as allowing my real IP to show. I'm firewalled and have all the updates for
windows installed.

JAVASCRIPT still gives out a lot of information about you though, like
browser type, local time, etc. Privoxy helps with some things like cookies
and the browser type.
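
The distinction drawn in the post above, as an added example that is not part of the original thread: a header-rewriting proxy changes what the site receives in request headers, but script in the page reads the same properties directly from the browser. The function name `auditExposure`, the field list and all sample values are assumptions constructed for illustration.

```javascript
// Added example; all sample values are constructed.
// Script-visible properties and the request header (if any) that carries the
// same information. header: null means a header-rewriting proxy has nothing
// to rewrite for that property.
const SCRIPT_VISIBLE = [
  { field: 'userAgent', header: 'user-agent' },
  { field: 'language', header: 'accept-language' },
  { field: 'timezoneOffset', header: null },
  { field: 'screen', header: null },
];

function headerMatches(field, headerValue, scriptValue) {
  if (field === 'language') {
    // Accept-Language is a list such as "en-US,en;q=0.5"; compare its first tag.
    const first = headerValue.split(',')[0].split(';')[0].trim();
    return first.toLowerCase() === scriptValue.toLowerCase();
  }
  return headerValue === scriptValue;
}

// scriptEnv: what page script reads (in a browser: navigator.userAgent,
// navigator.language, new Date().getTimezoneOffset(), screen.width/height).
// proxiedHeaders: the request headers as they leave the filtering proxy.
function auditExposure(scriptEnv, proxiedHeaders) {
  const headers = {};
  for (const [k, v] of Object.entries(proxiedHeaders)) headers[k.toLowerCase()] = v;
  const findings = [];
  for (const { field, header } of SCRIPT_VISIBLE) {
    if (!(field in scriptEnv)) continue; // script disabled or property absent
    const value = String(scriptEnv[field]);
    if (header === null) {
      findings.push({ field, status: 'script-only', value });
    } else if (!(header in headers) || !headerMatches(field, headers[header], value)) {
      findings.push({ field, status: 'header-masked', value });
    }
  }
  return findings;
}

const sampleEnv = {
  userAgent: 'ExampleBrowser/2.0 (Windows NT 5.1; de-AT)',
  language: 'de-AT',
  timezoneOffset: -60, // minutes, as getTimezoneOffset() reports for UTC+1
  screen: '1280x1024',
};
const sampleHeaders = { 'User-Agent': 'Generic/1.0', 'Accept-Language': 'en-US,en;q=0.5' };

for (const f of auditExposure(sampleEnv, sampleHeaders)) {
  console.log(`${f.field}: ${f.status} (${f.value})`);
}
```

A `header-masked` finding means the proxy changed or removed the header while script still sees the real value; `script-only` values have no header for the proxy to filter.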

J.Alfred Prufrock

2007-02-14, 7:13 pm

In article <129qwjhk0xg3a$.w3tt9haycgut.dlg@40tude.net>
traveler 66 <noreply@nym.alias.net> wrote:
>
> On 14 Feb 2007 00:35:24 -0000, J.Alfred Prufrock wrote:
>
>
> You're right, any tests that I tried with my surf account only showed JAVA
> as allowing my real IP to show. I'm firewalled and have all the updates for
> windows installed.
>
> JAVASCRIPT still gives out a lot of information about you though, like
> browser type, local time, etc. Privoxy helps with some things like cookies
> and the browser type.


I forgot to mention that I was using Privoxy.

JAP