[tor-talk] Security issue. Firefox in Tor Browser Bundle allows access to LAN resources. To fix: ABE of NoScript must be turn on by default
Max Jakob Maass
max at velcommuta.de
Tue Jan 21 15:02:45 UTC 2014
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On 21.01.2014 15:53, Max Jakob Maass wrote:
>> Also, it'd be nice if http://tortestprivacy.url.ph/ would allow
>> tweaking the full URL (rather than just port number) for public
>> testing purposes. Could you perhaps help with that, TT Security?
>> :)
> I'm not TT Security, but you can use my version:
> http://62.141.42.149/test.php
>
> It's not very pretty, but it is only a minor modification of the
> original that includes this ability.
>
I'm also hosting it as a hidden service, to see if that makes any
difference. If you want to test it:
http://ehlznccisf5mnhw2.onion/test.php
My results were: It makes no difference. Tor rejects local addresses
that are not 127.0.0.1, even the IP of my machine, with the log
message "[warn] Rejecting SOCKS request for anonymous connection to
private address [scrubbed].".
Have fun playing around with it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQJ8BAEBCgBmBQJS3owPXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEM0ODA5N0EzQUY3RDU1MTg5QTc3QUMx
NjlGOTYyNDM0MDg4MjVFAAoJEBafliQ0CIJe1lcP/0x63I4xzb+9YjsjCLikd5UU
TlGTs7hmxJbPhXU7Q45XYnr0NbROlcT6cnV+9NlAlhxwmQ19lNsCZ00B/Zg5Jtjv
ah9ofpYoVK+a2YtcrgXgkDSJ/CwQC2it3V/Q4pu8Ile+TzlmkiQKl0xvLVVEmN3N
8HYsoMNA9VrhZmoXGUAHTX+6gytfvOmOhPf8tLr8/R+/d4LTQzibKCnBUOLyQ0F5
ZpZo8Aq2kLyHHeovqPA5xT6HHIJLltsqOUtQiR1M2PJ0iCus+VZVqXiQB+4no/gU
zDs0SfK1ITZ2ruiEf6R+P2xwc4YjusfP8HG399OQmCbMPc1r+Ugj81e1iNx79xIt
QF7NGJkqhsw88R5Hno16450q2sE56HkrRDA5MPcXJuyHPfNzFGgauS84Vjo/7/LF
tkwwFV6n5A0TjzNFz2aX4VsCXOLEFLcGLfufKCcwBkmTJ+TrffNhtedjFYqo+N0+
kJAMsi/N2+rKvMMF+ZDNVoCZRjFJcO/4tMoqpHy8KZ+Bb/IQTloHGzzOq1gDHGpf
60QUdvCQQ26i5OxENpkHCYa2IkG4TqONy54c9Bp+hCtuxGRrGmB1KJ53ALMXNeBf
vLlFspdDz4GbqeT8K38iQUlJyzrtPlN9IMnBcx6QXmDbb00gWP8Qeip7oyj+dHNr
2SNpqz5HHwZGnvR6uUr7
=a1zp
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list