Date: Tue, 15 Dec 2009 23:11:10 +0000
From: nixlists <nixmlists@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Google Chrome 3.0.195.33 leaks DNS data queries outside of proxy if dns pre-fetching is enabled

On Tue, Dec 15, 2009 at 9:39 PM, Dan Kaminsky <dan@...para.com> wrote:
> Nix,
>
>    Proxies are not a security technology in the way you think they are.

They're not, but many still use the browsers' proxy features hoping
for more anonymity and avoidance of data sniffing. Most users are not
security experts. They are not able or are not allowed to use VPNs and
such.

> leaks.  Playing whack-a-mole at the application layer is ultimately
> pointless.  If you want to prevent network traffic from leaking, you really
> need full access to all traffic.

It's pointless from the viewpoint of a security expert, not an
everyday computer user that uses these features thinking it's harder
to sniff traffic. Application bugs like this still need to be
disclosed and fixed. No?
