Re-verify app-launching defenses on Windows
Rsnake claims that some stuff he did 3 years ago still works on TBB. We certainly fixed the two vectors he mentioned (itms and smb) with Torbutton, but it is possible that one or more random things have been broken/undone by FF17. We should retest as many of them as we can, especially on Windows. Especially since Rsnake seems insistent on being as unhelpful as possible :/. Gotta love timewasters....
Most decloaking attacks are based on plugins, which are disabled by a Firefox patch and also by Firefox settings, but the following two decloak.net attacks should be retested:
- "When the iTunes is installed, it registers the itms:// protocol handler. This protocol handler will open iTunes and do a direct connection to the specified URL. There are some restrictions on the URL you can pass, but we found a nice way around them :-)"
- "When Microsoft Office is installed and configured to automatically open documents, a file can be returned which automatically downloads an image from the internet. This can bypass proxy settings and expose the real DNS servers of the user."
Unfortunately, decloak.net is now down, so the exact itms URL it used is unavailable (unless the source is still around somewhere).
Also, this test should be verified on Windows: http://pseudo-flaw.net/tor/torbutton/ipleak-dotnet-assistant.html
I think the .NET assistant addon might need to be explicitly installed these days. It used to auto-install with some piece of .NET but then Mozilla blacklisted it. They may have removed the blacklist, though...
Also, we should try some SMB URLs on Windows. Native Firefox SMB handling appears to be unimplemented still, but it may be possible to shove something in the registry that enables an external handler: http://kb.mozillazine.org/Register_protocol#Windows http://msdn.microsoft.com/en-us/library/aa767914.aspx
Such external handlers should still be blocked by Torbutton, though. They certainly are on MacOS and Linux...
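
To scope the retest on a Windows test machine, the following added example (not part of the original ticket or of Torbutton) inventories every URL scheme that has an external handler registered in the way the MSDN page above describes, so each one can be tried in TBB and confirmed blocked. The function name `Get-UrlProtocolHandler` and the `InTicket` column are hypothetical names chosen for this example.

```powershell
# Added example: list URL schemes that Windows will hand to an external program.
# A scheme is registered when HKEY_CLASSES_ROOT\<scheme> has a "URL Protocol"
# value; the program that gets launched is the default value of
# <scheme>\shell\open\command. HKCR is the merged view of the per-machine and
# per-user Software\Classes keys, so both kinds of registration show up here.

function Get-UrlProtocolHandler {
    $root = [Microsoft.Win32.Registry]::ClassesRoot
    foreach ($name in $root.GetSubKeyNames()) {
        $key = $null
        try { $key = $root.OpenSubKey($name) } catch { continue }  # unreadable key
        if ($null -eq $key) { continue }
        try {
            # Only keys carrying the "URL Protocol" marker are URL schemes.
            if ($key.GetValueNames() -notcontains 'URL Protocol') { continue }

            $command = $null
            $cmdKey = $key.OpenSubKey('shell\open\command')
            if ($cmdKey) {
                $command = $cmdKey.GetValue('')   # default value = command line
                $cmdKey.Close()
            }
            [pscustomobject]@{ Scheme = $name; Command = $command }
        }
        finally {
            $key.Close()
        }
    }
}

# The two vectors named in the ticket; other rows are further retest candidates.
$ticketSchemes = 'itms', 'smb'

Get-UrlProtocolHandler |
    Sort-Object Scheme |
    Select-Object Scheme,
        @{ Name = 'InTicket'; Expression = { $ticketSchemes -contains $_.Scheme } },
        Command |
    Format-Table -AutoSize -Wrap
```

A scheme listed without a `Command` has the marker value but no `shell\open\command` entry under that key.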