building pages with tor in mind
coderman
coderman at gmail.com
Tue Feb 27 19:01:11 UTC 2007
On 2/27/07, Bryan Fordham <bfordham at gmail.com> wrote:
> on a more general note: Does anyone actually have an example of how
> javascript can compromise your anonymity? Not "it can obtain your IP"-type
> stuff, but actual code.
consider the drive-by pharming style attack:
http://www.symantec.com/enterprise/security_response/weblog/2007/02/driveby_pharming_how_clicking_1.html
malicious javascript connects to your router, and if using defaults,
can open up an external telnet management service, change your DNS
server, basically leverage your router for any number of secondary
attacks.
More information about the tor-talk
mailing list