building pages with tor in mind

James Muir jamuir at
Tue Feb 27 22:17:07 UTC 2007

> You might also look at some of the exploits Kevin McCurley has on
> the digicrime site. I don't think he's updated them for years, but
> they're still there. James Muir has already pointed to some of the
> similar exploits he's done.

The particular exploit that I think Paul is alluding to here (which I 
haven't mentioned previously) is the following:  in the latest Java API, 
the constructor for the Socket class has been designed to allow 
connections which by-pass proxies.  So, if you have the Java 1.5 or 
later VM enabled, you should beware that applets can open non-proxied 
connections, regardless of both the proxy settings in your browser and 
the proxy setting you set in the Java Control Panel.


More information about the tor-talk mailing list