|Type of work:||Security Audit||Affected tool:|
Any included networked application needs to be analyzed for possible information leakages at the protocol level, e.g. if email clients leak the real IP address through the EHLO/HELO request etc.
This could be limited to applications whose protocol allows for such leakages.
The "claws with torsocks leaks hostname bug was fixed, but the fact that
torsocks behaves worse than
tsocks in this respect is worrying and should be investigated further. Perhaps other applications using
torify are also affected?
- iSECPartners' LibTech-Auditing-Cheatsheet