lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 13 May 2019 21:39:51 +0545
From: Bipin Gautam <bipin.gautam@...il.com>
To: fulldisclosure@...lists.org
Subject: [FD] TOR browser / Firefox telemetry data

POC:

tl;dr

run just Firefox browser / TOR and just nothing

and tcpdump the computing device /  network

firewall BLOCK all IP/A names, gradually... that shows up in tcpdump
when you do not using firefox but it connects automatically (if you
block something firefox hops to something else, 3-5+ times )


QUICK FIX:

in address bar:

about:config
>>> then
search for string:

org

com

mozilla

firefox

google

...?


to start with : almost all... the url string that shows up in the
above search, should be removed in TOR and firefox browser or left to
minimum
---

after you fix it : see no activity in tcpdump when firefox is idle


Does everyone use their own customized OS/s now ?


Recommendation : firefox being a OSS browser, should create a master
switch for ... .

The corporate / world is going in the opposite direction, everyone
want a piece of everything

android/iOS seems as new windows 3.1

and then malware/RAT as now - games, apps, android, in every computing
device, every app.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Powered by blists - more mailing lists