Another Method to Block Java Hijinks
Kyle Williams
kyle.kwilliams at gmail.com
Fri Apr 6 06:27:48 UTC 2007
It didn't report my real IP address.
I tried this page with JanusVM and recorded the session in FLASH.
Here's the link if anyone would like to see for themselves.
http://janusvm.peertech.org/Flash/JanusVM-SEC-Demo-1.html
Needless to say, it didn't compromise my real IP address with JAVA TURNED
ON.
We also tested the Metasploit Project's Decloaking Engine. It failed too.
Regards,
~Kyle
On 4/2/07, norvid <norvid at gmail.com> wrote:
>
> Hello
>
> I have another method that may block Java hijinks that can allow a
> site to determine your real IP. This one allows you to use the normal
> default browser settings. You do not have to turn off all sorts of
> scripts. You probably should still block cookies.
>
> Use a firewall with settings which block the browser from accessing
> the internet but allows Privoxy access. Set up your firewall this
> way. Now to test obviously all you need do is turn the firewall off
> and on.
>
> Go to this page to test:
> http://stayinvisible.com/cgi-bin/iptest.cgi
> This page uses a Java applet to reveal your real IP.
> It will guess mine when the firewall is off but fails to when the
> firewall is on.
>
> Now test your IP without the firewall but while turning off Java. You
> should see that the test will not reveal your IP. Don't worry about
> javascript. It has nothing to do with it on this particular page.
>
> I'm throwing this out here as potentially another way to protect your
> privacy while using Tor and depending on the firewall used it may be
> easier to set up than turning off all sorts of browser functionality.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20070405/5c8b90fc/attachment-0001.htm>
More information about the tor-talk
mailing list