It appears that Java attacks for causing external IP data to be leaked can be mitigated to some good degree. The upshot is that you can now run Java applets that even when attempting to phone home directly (revealing your IP), they are routed through the socks port and thus Tor or any other socks speaking application. What we are doing is changing the proxy settings of the Java Control Panel in windows. The following will shortly be applied to xB Browser after testing, and I highly suggest it for other proxy programs. Needs lots of testing of course, and I would also like to know if Java applets can acquire the authority to modify that file as well. May require administrative access, but I imagine Vista will popup a priv escalation window. There are probably variations in the directories and syntax if you are running JRE <1.4. A good indicator of old versioning is to see if your shoes employ the use of velcro, you have a pair of 'jams' in your closet, or you've found yourself to be too legitimate to quit.
Regards, Steve Topletz ------------- 1. Look for $APPDATA\Sun\Java\Deployment\deployment.properties If there is no deployment.properties file there, try all administrative usernames we can enumerate until we find the file. This is not a certianty. 2. Back up deployment.properties to a new file name. 3. Open it up 4. Read and store all lines beginning with "deployment.version" 5. Read and store all lines beginning with "deployment.javapi" 6. Close the file 7. Create a new file deployment.properties where the old one was. 8. Open the file 9. Insert the following lines #deployment.properties deployment.system.tray.icon=false deployment.browser.vm.iexplorer=false deployment.proxy.socks.host=localhost deployment.proxy.type=1 deployment.proxy.same=true deployment.browser.vm.mozilla=false deployment.capture.mime.types=true deployment.proxy.socks.port=8080 (where port 8080 is your socks port. in Tor, use 9050 by default) 10. Write all previously stored lines from old opened file. 11. Close the new deployment.properties Continue starting your proxy program On program exit... 12. Delete the deployment.properties file we created. 13. Restore the deployment.properties file we backed up.
