be fixed [70], and this proves how it can become a time bomb when installed on a computer.
6.6.2 Controlling Flash
The only recommendation I can make is: uninstall it completely. If you need it, refer to the “Controlling JavaScript” section, since all the extensions/add-ons listed there can also block the Flash Player.
6.7 Java
Java is a popular programming language among developers across the web (although it recently lost some of its appeal, it gained new popularity thanks to Android) and has given birth to very good web applications for years.
Recently, however, HTML5 technologies and browsers in general have become more and more popular, leaving Java on the web as a niche language. It is still a valuable tool to date, of course, especially if used to fully leverage the hardware available on the market. Keep in mind, however, that most modern browsers are going to abandon it soon. Consequently, sooner or later Java may become deprecated in the web sector.
6.7.1 Java impact over security
The older versions of Java were under discussion, since it was impossible to set up a SOCKS4/5 proxy externally, thus forcing users to completely disable it. The problem has been fixed in the latest versions with a new feature; hopefully, the development team will document this new possibility better. Nevertheless, we suggest that you completely disable the Java client, because a misconfigured browser may cause a DNS leak (which has been thoroughly explained in the VPN chapter).
6.7.2 Controlling Java
You can disable the Java client using the same tools already outlined in the “Controlling JavaScript” paragraph. However, if you still need it, we suggest that you use Orchid [71], an experimental browser based on Tor Browser, which fully supports the Java libraries, even on Android devices.
6.8 ActiveX
ActiveX is an extension created by Microsoft to... extend the functionalities of the Internet Explorer browser. Even if not too popular in Europe (unlike in Far-Eastern applications, like IP Cameras), it allows complete control of the machine running it, permitting operations that can potentially compromise the user’s whole system.
6.8.1 ActiveX impact over security
As you can imagine, ActiveX is an extremely dangerous tool if used by criminals. Fortunately, it is not too popular, and has been deprecated by almost all the public services. You should keep in mind, however, that regardless of whether you are staying anonymous or not, an ActiveX control can penetrate the host device and infect it with any kind of malware and trojans, compromising any anonymization effort.
6.8.2 Controlling ActiveX
Since we cannot know the nature of each single ActiveX application, we strongly discourage you from executing the ones from an untrusted source. If you run an application that opens its own separate Internet connection, you have to ensure that the entire system is configured to route external connections through the Proxy/VPN/Tor. If possible, you should also verify the origin of each single application certificate (the digital signatures) and their integrity. In case of doubt, never allow client-side execution (this option is only available on Windows XP SP2 and later versions).
6.9 WebRTC
WebRTC is a new technology, established in 2011, that allows video chats in a browser using HTML5 and JavaScript. This technology is pre-installed on next-generation browsers and OSs [72] and can currently be used in services like Firefox Hello, Google Hangouts, Skype (web version), Facebook Messenger and so on.
6.9.1 WebRTC impact over security
Being a relatively new technology (it’s only 5 years old!), there’s only a small number of case histories. Actually, there is only one. According to research conducted by TorrentFreak [73], a remote site can leverage the WebRTC protocol to reveal the real IP address of a user, even if they are connected to a VPN or the Tor network. And it’s not limited to the public address, since it can also reveal the local one!
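The leak described above can be audited from the user's side by looking at the ICE candidates the browser gathers for a WebRTC session, since those are the addresses a remote page gets to see. The following JavaScript is an added example, not part of the original text; the sample candidate lines, the VPN exit address 198.51.100.7 and the function names are constructed for illustration.

```javascript
// Added example: audits ICE candidate lines for addresses WebRTC would disclose.
// Sample candidates and the VPN exit address are constructed (documentation ranges).
const SAMPLE_CANDIDATES = [
  "candidate:1 1 udp 2122260223 192.168.1.23 54321 typ host",
  "candidate:2 1 udp 2122194687 3f2a9c1e-7b4d-4e0a-9c55-1d2e3f4a5b6c.local 54322 typ host",
  "candidate:3 1 udp 1686052607 203.0.113.45 54321 typ srflx raddr 192.168.1.23 rport 54321",
  "candidate:4 1 udp 1686052607 198.51.100.7 40000 typ srflx raddr 10.8.0.2 rport 40000",
];

// Parse one ICE candidate attribute: foundation, component, transport,
// priority, address, port, the literal "typ", then the candidate type.
function parseCandidate(line) {
  const f = line.trim().replace(/^a=/, "").split(/\s+/);
  if (f.length < 8 || !f[0].startsWith("candidate:") || f[6] !== "typ") return null;
  return { address: f[4], port: Number(f[5]), type: f[7] };
}

// Classify an address as an mDNS placeholder, a private/local one, or a public one.
function addressScope(addr) {
  if (addr.endsWith(".local")) return "mdns"; // obfuscated host candidate
  if (addr.includes(":")) return /^(f[cd]|fe80)/i.test(addr) ? "private" : "public";
  const [a, b] = addr.split(".").map(Number);
  if (a === 10 || (a === 172 && b >= 16 && b <= 31) || (a === 192 && b === 168)) {
    return "private";
  }
  return "public";
}

// Return the candidates that disclose something other than the VPN exit address.
function auditCandidates(lines, vpnExitIp) {
  const findings = [];
  for (const line of lines) {
    const c = parseCandidate(line);
    if (!c) continue; // not a candidate line
    const scope = addressScope(c.address);
    if (scope === "mdns" || c.address === vpnExitIp) continue; // nothing identifying
    findings.push({
      address: c.address,
      type: c.type,
      leak: scope === "private" ? "local address" : "public address outside VPN",
    });
  }
  return findings;
}

console.log(auditCandidates(SAMPLE_CANDIDATES, "198.51.100.7"));
```

Candidate lines for a real session can be copied from the browser's own WebRTC diagnostics page (about:webrtc in Firefox, chrome://webrtc-internals in Chrome). An empty result means only the VPN exit address or mDNS placeholders were offered.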
Are you paranoid? Well, you may be right; however, this vulnerability is (hopefully) leveraged only by a few portals. Nevertheless, try to connect to a VPN and visit the test address [74]. If your real IP address is shown (whether it is the local or the remote one) – notwithstanding the VPN or other systems spoofing your IP – then you are vulnerable. You can further explore this