Any included networked application needs to be analyzed for possible information leakages at the protocol level, e.g. if email clients leak the real IP address through the EHLO/HELO request etc.
This could be limited to applications whose protocol allows for such leakages.
The "claws with torsocks leaks hostname; bug was fixed, but the fact that
torsocks behaves worse than
tsocks in this respect is worrying and should be investigated further. Perhaps other applications using
torify are also affected?
- iSECPartners’ LibTech-Auditing-Cheatsheet
|Feature #6117: Audit Pidgin||Confirmed||
|Feature #6118: audit iceweasel config||Resolved||
|Feature #6115: Audit polipo||Rejected||
|Feature #6121: Audit Liferea||Rejected||
|Feature #6119: audit claws mail||Rejected||