lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Message-ID: <a39da3560912151511v68aebe55qd7fe31251c5c130b@mail.gmail.com>
Date: Tue, 15 Dec 2009 23:11:10 +0000
From: nixlists <nixmlists@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Google Chrome 3.0.195.33 leaks DNS data
	queries outsitde of proxy if dns pre-fetching is enabled

On Tue, Dec 15, 2009 at 9:39 PM, Dan Kaminsky <dan@...para.com> wrote:
> Nix,
>
>    Proxies are not a security technology in the way you think they are.

They're not, but many still use the browsers' proxy features hoping
for more anonymity and avoidance of data sniffing. Most users are not
security experts. They are not able or are not allowed to use VPNs and
such.

> leaks.  Playing whack-a-mole at the application layer is ultimately
> pointless.  If you want to prevent network traffic from leaking, you really
> need full access to all traffic.

It's pointless from the viewpoint of a security expert, not an
everyday computer user that uses these features thinking it's harder
to sniff traffic. Application bugs like this still need to be
disclosed and fixed. No?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ