[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <a39da3560912151511v68aebe55qd7fe31251c5c130b@mail.gmail.com>
Date: Tue, 15 Dec 2009 23:11:10 +0000
From: nixlists <nixmlists@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Google Chrome 3.0.195.33 leaks DNS data
queries outsitde of proxy if dns pre-fetching is enabled
On Tue, Dec 15, 2009 at 9:39 PM, Dan Kaminsky <dan@...para.com> wrote:
> Nix,
>
> Proxies are not a security technology in the way you think they are.
They're not, but many still use the browsers' proxy features hoping
for more anonymity and avoidance of data sniffing. Most users are not
security experts. They are not able or are not allowed to use VPNs and
such.
> leaks. Playing whack-a-mole at the application layer is ultimately
> pointless. If you want to prevent network traffic from leaking, you really
> need full access to all traffic.
It's pointless from the viewpoint of a security expert, not an
everyday computer user that uses these features thinking it's harder
to sniff traffic. Application bugs like this still need to be
disclosed and fixed. No?
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists