Introducing Torfox 3.0.10
Alexander Cherepanov
cherepan at mccme.ru
Thu Jun 11 01:11:39 UTC 2009
Hello, Jacob!
You wrote to or-talk at freehaven.net on Wed, 10 Jun 2009 09:47:41 -0700:
>> I think it just appeals to a different style of usage. That's the reason I
>> wanted to make it anyways. I've disabled Java, set it to auto delete private
>> data on shutdown, etc. I'm looking for input as far as what kinds of
>> protection needs to be added.
>
> I'm not sure what you mean when you say that it appeals to a different
> style of usage.
Don't know about Tor Fox's style of usage but one of my setups is a
firefox without plugins with javascript turned off going through tor
via privoxy. Is torbutton really needed in such a setup? The only
problem I can immediately see is css-only history stealing.
Alexander Cherepanov
P.S. Probably of interest to tor community:
New paper by Amit Klein (Trusteer) - "Temporary user tracking in major
browsers and Cross-domain information leakage and attacks". The
paper is available to download from the following page:
http://www.trusteer.com/temporary-user-tracking-in-major-browsers
Abstract:
User tracking across domains, processes (in some cases) and windows/tabs is
demonstrated by exploiting several vulnerabilities in major browsers
(Microsoft Internet Explorer, Mozilla Firefox, Apple Safari, and to a
limited extent Google Chrome). Additionally, new cross-domain
information leakage, and cross domain attacks are described, which
provide a foundation for attacks such as "in session phishing".
More information about the tor-talk
mailing list