"This release features an important security update to Tor Browser for Linux users. On Linux systems with GVfs/GIO support Firefox allows to bypass proxy settings as it ships a whitelist of supported protocols. Once an affected user navigates to a specially crafted URL the operating system may directly connect to the remote host, bypassing Tor Browser. Tails and Whonix users, and users of our sandboxed Tor Browser are unaffected, though."
(Score: 1, Insightful) by Anonymous Coward on Tuesday August 01 2017, @12:30PM (2 children)
You need to have the system running TBB on an isolated network with a firewalled proxy that in turn only allows Tor connections out. If you did this, as I have, then this direct connect exploit doesn't affect you.
A VM might be a less secure alternative, but physical system isolation is still the best bet, especially with dumb non-embedded ethernet devices just in case any of management engine systems in use actually CAN be triggered with coded ethernet/IP messages.
(Score: 0) by Anonymous Coward on Wednesday August 02 2017, @08:57PM (1 child)
(Score: 0) by Anonymous Coward on Wednesday August 02 2017, @09:00PM
Analogy: http://media.paperblog.fr/i/274/2743468/fashion-faux-pas-jour-dark-vador-est-fan-dhel-L-1.jpeg [paperblog.fr]