James, Do you have a copy of these tests? I'm definitely interested in seeing it. However, I am NOT posing this as a solution to java issues, just another defense layer. This effectively keeps non-malicious applets from surreptitious leakage. I highly doubt a determined application would be cornered in, but most seem to be. Regarding DNS, well that is again another issue to be looked at, unfortunately.
Steve James Muir wrote: > Arrakis wrote: >> It appears that Java attacks for causing external IP data to be leaked >> can be mitigated to some good degree. The upshot is that you can now run >> Java applets that even when attempting to phone home directly (revealing >> your IP), they are routed through the socks port and thus Tor or any >> other socks speaking application. What we are doing is changing the >> proxy settings of the Java Control Panel in windows. > > Some time ago, I conducted several tests that demonstrated that Java > Applets have the ability to disregard proxy settings in the Java Control > and open direct non-proxied connections. I do not think what you have > described will work. > > -James >
