Nix, Proxies are not a security technology in the way you think they are.
Way back in the day, NAT didn't exist. In order for large numbers of users to share small number of IP addresses, application layer gateways -- proxies -- needed to be written such that a backend client could "ask" for connectivity through the one host on the network that had direct Internet access. Some of these proxies were protocol specific (HTTP, FTP, Gopher), and some were more generic (SOCKS4/5). While there were toolkits that allowed transparent proxying to be loaded into any network application -- so called "socksifiers" -- they were always a little unstable and obtuse. So any application that wanted to function in a corporate environment eventually got proxy support built right into the UI. This wasn't for security. It was the 90's, nobody did *anything* for security. It was just for connectivity. There are some implications to this. While the UI declares proxies MAY be used, it doesn't actually mean they MUST be used. More protocols than HTTP are accessible via the web browser. Do you think SMB uses the browser configured proxies? What about Flash and Java sockets? And even if they did use the proxies, SOCKS4 didn't even support remote DNS in its first incarnation; that supported was added unofficially in SOCKS4a and officially in SOCKS5. To this day, Firefox can't turn remote DNS on by default, because so many of the proxies have buggy implementations of it. The TOR guys are aware of all of this, of course. The approach they've been working on has been to virtualize the entire network stack of the Windows instance behind a Linux VM. That's the only real way to prevent leaks. Playing whack-a-mole at the application layer is ultimately pointless. If you want to prevent network traffic from leaking, you really need full access to all traffic. --Dan On Tue, Dec 15, 2009 at 1:01 PM, nixlists <nixmli...@gmail.com> wrote: > The point is besides the fact that you can configure Chrome to proxy > through Tor or anything else, Chrome is not supposed to leak DNS - > it's a bug that Firefox currently does not have for instance. Many > users use proxies to avoid corporate and other firewalls, and to > prevent leakage of information a suppressive government will throw > them in jail for - China for instance. Tor just makes a good example. > IT IS IMPORTANT FOR UNWITTING USERS TO KNOW ABOUT THIS BUG. They may > be thinking that Chrome is safe for proxies. > > The other OT issue about Chrome is of course even despite you using a > proxy the right way all the real information about you will be found > on Google's servers anyway because Chrome has a lot of hidden > information collecting eggs that Google won't talk about. The company > has decided that privacy does not matter long time ago. And if it does > matter for you - well according to Google then you are a criminal. > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ >
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/