The best way to run a hidden service: one or two computers?
Mike Perry
mikeperry at fscked.org
Sun Sep 26 00:04:14 UTC 2010
Thus spake coderman (coderman at gmail.com):
> however, if an attacker has access to read this locally they've
> already compromised you to a degree that random mac affords no
> protection...
Is this really true? One of the things I've wondered about here is
plugins, but since Torbutton disables them for other reasons I haven't
really looked into it. For insance, I know Java can create a socket,
and query the interface properties of that socket to get the interface
IP. Why not mac address? And if not java, can one of flash,
silverlight, pdf-javascript, or others do this? Already we have
location features built in to the browser based on nearby Wifi MACs...
The Java trick to get the interface IP does not require special privs,
so a randomized MAC would in fact help this scenario, if it were
somehow possible.
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20100925/866886c7/attachment.pgp>
More information about the tor-talk
mailing list