building pages with tor in mind
James Muir
jamuir at scs.carleton.ca
Tue Feb 27 22:17:07 UTC 2007
> You might also look at some of the exploits Kevin McCurley has on
> the digicrime site. I don't think he's updated them for years, but
> they're still there. James Muir has already pointed to some of the
> similar exploits he's done.
The particular exploit that I think Paul is alluding to here (which I
haven't mentioned previously) is the following: in the latest Java API,
the constructor for the Socket class has been designed to allow
connections which by-pass proxies. So, if you have the Java 1.5 or
later VM enabled, you should beware that applets can open non-proxied
connections, regardless of both the proxy settings in your browser and
the proxy setting you set in the Java Control Panel.
-James
More information about the tor-talk
mailing list