Reducing java leakage in windows
Jacob Appelbaum
jacob at appelbaum.net
Mon Dec 3 07:35:49 UTC 2007
James Muir wrote:
> Arrakis wrote:
>> It appears that Java attacks for causing external IP data to be leaked
>> can be mitigated to some good degree. The upshot is that you can now run
>> Java applets that even when attempting to phone home directly (revealing
>> your IP), they are routed through the socks port and thus Tor or any
>> other socks speaking application. What we are doing is changing the
>> proxy settings of the Java Control Panel in windows.
>
> Some time ago, I conducted several tests that demonstrated that Java
> Applets have the ability to disregard proxy settings in the Java Control
> and open direct non-proxied connections. I do not think what you have
> described will work.
>
I remember these tests. I can't seem to find a copy of the applets you
used. Are you willing to publish them? Or point me in the right
direction should I want to try implementing them?
Regards,
Jacob
More information about the tor-talk
mailing list