Title: TOR users be aware, Flash and Javascript reveals IP address. Post by: Serith on April 25, 2012, 05:20:13 PM The following sequence of events occurs when somebody is unmasked:
Discussion of the vulnerability: Hacker News: The Underpants Project (http://news.ycombinator.com/item?id=3878438) Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: Red Emerald on April 25, 2012, 05:23:07 PM Good information, but not new news at all. This is why the Tor Browser Bundle and Tails have javascript and flash disabled by default.
Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: mila on April 25, 2012, 05:32:42 PM no kidding, Sherlock?
I mean, thank you for rising awareness but it's really well known or at least documented and the bundled browser has the settings right by default. Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: Red Emerald on April 25, 2012, 05:35:56 PM Also, http://panopticlick.eff.org/ is a much more informative page than your link.
Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: Serith on April 25, 2012, 06:07:18 PM no kidding, Sherlock? I mean, thank you for rising awareness but it's really well known or at least documented and the bundled browser has the settings right by default. Any link on this forum that I missed? Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: Red Emerald on April 25, 2012, 06:14:52 PM no kidding, Sherlock? I mean, thank you for rising awareness but it's really well known or at least documented and the bundled browser has the settings right by default. Any link on this forum that I missed? https://www.torproject.org/download/download-easy.html.en#warning Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: a nice guy on April 25, 2012, 06:50:06 PM Hello,
just setup a vm or real hardware working as a proxy to route all the traffic from eth0(internal network) to eth1(external network). eth1 routes then all traffic through tor. Now setup a 2nd vm which has only one port directly connected to eth0 on the proxy. ALL traffic is now routed through tor and immune to those attacks. I think there is a tutorial on the torwiki too. kind regards, a nice guy Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: theymos on April 25, 2012, 07:14:55 PM You can't do it with just JavaScript, which is why torbutton allows JavaScript. You need a plugin like Flash.
Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: Red Emerald on April 25, 2012, 08:25:50 PM Hello, https://trac.torproject.org/projects/tor/wiki/doc/TorBOXjust setup a vm or real hardware working as a proxy to route all the traffic from eth0(internal network) to eth1(external network). eth1 routes then all traffic through tor. Now setup a 2nd vm which has only one port directly connected to eth0 on the proxy. ALL traffic is now routed through tor and immune to those attacks. I think there is a tutorial on the torwiki too. kind regards, a nice guy Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: cryptoanarchist on April 26, 2012, 03:55:22 PM Wow...if you didn't know this before doing something illegal on the internet, maybe crime isn't your thing.
Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: Red Emerald on April 26, 2012, 05:57:53 PM Wow...if you didn't know this before doing something illegal on the internet, maybe crime isn't your thing. Tor and illegal actions do not at all have to be connected. There are plenty of legitimate reasons for usage of Tor.I don't like when people automatically assume anonymity is only needed for illegal purposes. I don't want to live in that world. Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: Xenland on April 29, 2012, 02:15:22 AM Every poster above or below this post should be considered a terrorist
I didn't know this, thanks for the post OP. Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: a nice guy on May 01, 2012, 08:49:52 AM Every poster above or below this post should be considered a terrorist Is this a bad or a good thing? :D Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: Tuxavant on May 01, 2012, 02:18:55 PM I don't like disclosing TTPs, but if you put more than a few brain cells on this problem, it's pretty easy to mitigate it.
Title: Re: TOR users be aware, Flash and Javascript reveals IP address. Post by: Tuxavant on May 01, 2012, 03:30:07 PM But it really sucks when anonymity is sometimes needed. Talking about some politics where I live can get you 15 years in jail. WAY too many laws to break now aday... Tell someone is a jerk from with Arizona Internet connection and you go to jail. WTF. There is no such thing as a "law abiding citizen" any longer. |