lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Mon, 14 Dec 2009 21:08:23 -0800
From: coderman <coderman@...il.com>
To: nixlists <nixmlists@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Google Chrome 3.0.195.33 leaks DNS data
	queries outsitde of proxy if dns pre-fetching is enabled

On Mon, Dec 14, 2009 at 12:45 PM, nixlists <nixmlists@...il.com> wrote:
> Google Chrome ... DNS ... sent to the system's configured DNS cache.

that is why #1 at top of big red WARNING box about using Tor properly says:
https://www.torproject.org/download.html.en#Warning
"1. Tor only protects Internet applications that are configured to
send their traffic through Tor — it doesn't magically anonymize all
your traffic just because you install it. We recommend you use Firefox
with the Torbutton extension."

the only way to avoid DNS leaks despite most application configuration
is a transparent Tor proxy that intercepts all DNS and TCP at the
network layer and performs a redirect to the Tor Tcp and DNS Ports.
(see man page.)

RTFM FTW
... but never hurts to point out the obvious i guess...

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists