Torbutton Documentation - Adversary Capabilities.

downie - downgeoff2 at hotmail.com
Thu Jul 15 00:19:48 UTC 2010



> Date: Wed, 14 Jul 2010 22:26:26 +0100
> From: pumpkin at cotse.net
> To: or-talk at freehaven.net
> Subject: Re: Torbutton Documentation - Adversary Capabilities.
> 
>   So to go back to the OP's question (my question)....what do people think 
> of my questions about JavaScript being able to obtain non-Tor IPs when 
> wiping the cache?

I may need correcting here, but I believe that things like Javascript timers are stored in memory as part of the page's Document Object Model (DOM), and DOM Storage attacks are one of the things that Torbutton protects against. The DOM disappears when the window or tab is closed anyway. 
Furthermore, if Torbutton is set up correctly, the cache in the Tor state is isolated from the cache in the Non-Tor state, so stored .js files can't come back to bite you.
GD
 		 	   		  
_________________________________________________________________
The New Busy think 9 to 5 is a cute idea. Combine multiple calendars with Hotmail. 
http://www.windowslive.com/campaign/thenewbusy?tile=multicalendar&ocid=PID28326::T:WLMTAGL:ON:WL:en-US:WM_HMP:042010_5
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20100714/6612ab9d/attachment.htm>


More information about the tor-talk mailing list