[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <f26cd0910912151339n6e4fcae7q3716b97839181f7e@mail.gmail.com>
Date: Tue, 15 Dec 2009 13:39:34 -0800
From: Dan Kaminsky <dan@...para.com>
To: nixlists <nixmlists@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Google Chrome 3.0.195.33 leaks DNS data
queries outsitde of proxy if dns pre-fetching is enabled
Nix,
Proxies are not a security technology in the way you think they are.
Way back in the day, NAT didn't exist. In order for large numbers of
users to share small number of IP addresses, application layer gateways --
proxies -- needed to be written such that a backend client could "ask" for
connectivity through the one host on the network that had direct Internet
access. Some of these proxies were protocol specific (HTTP, FTP, Gopher),
and some were more generic (SOCKS4/5).
While there were toolkits that allowed transparent proxying to be loaded
into any network application -- so called "socksifiers" -- they were always
a little unstable and obtuse. So any application that wanted to function in
a corporate environment eventually got proxy support built right into the
UI.
This wasn't for security. It was the 90's, nobody did *anything* for
security. It was just for connectivity.
There are some implications to this. While the UI declares proxies MAY
be used, it doesn't actually mean they MUST be used. More protocols than
HTTP are accessible via the web browser. Do you think SMB uses the browser
configured proxies? What about Flash and Java sockets? And even if they
did use the proxies, SOCKS4 didn't even support remote DNS in its first
incarnation; that supported was added unofficially in SOCKS4a and officially
in SOCKS5. To this day, Firefox can't turn remote DNS on by default,
because so many of the proxies have buggy implementations of it.
The TOR guys are aware of all of this, of course. The approach they've
been working on has been to virtualize the entire network stack of the
Windows instance behind a Linux VM. That's the only real way to prevent
leaks. Playing whack-a-mole at the application layer is ultimately
pointless. If you want to prevent network traffic from leaking, you really
need full access to all traffic.
--Dan
On Tue, Dec 15, 2009 at 1:01 PM, nixlists <nixmlists@...il.com> wrote:
> The point is besides the fact that you can configure Chrome to proxy
> through Tor or anything else, Chrome is not supposed to leak DNS -
> it's a bug that Firefox currently does not have for instance. Many
> users use proxies to avoid corporate and other firewalls, and to
> prevent leakage of information a suppressive government will throw
> them in jail for - China for instance. Tor just makes a good example.
> IT IS IMPORTANT FOR UNWITTING USERS TO KNOW ABOUT THIS BUG. They may
> be thinking that Chrome is safe for proxies.
>
> The other OT issue about Chrome is of course even despite you using a
> proxy the right way all the real information about you will be found
> on Google's servers anyway because Chrome has a lot of hidden
> information collecting eggs that Google won't talk about. The company
> has decided that privacy does not matter long time ago. And if it does
> matter for you - well according to Google then you are a criminal.
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
Content of type "text/html" skipped
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists