Applications audit
Originally created by Tails on #5769 (Redmine)
Any included networked application needs to be analyzed for possible information leakages at the protocol level, e.g. if email clients leak the real IP address through the EHLO/HELO request etc.
This could be limited to applications whose protocol allows for such leakages.
General issues
The "claws with torsocks leaks
hostname;
bug was fixed, but the fact that torsocks behaves worse than tsocks
in this respect is worrying and should be investigated further. Perhaps
other applications using torify are also affected?
Per-software sub-pages:
Resources
- iSECPartners’ LibTech-Auditing-Cheatsheet