Privacy concerns in interMute

[john () KUWAIT NET (John Temples)]

interMute (www.intermute.com) is a junk filter/privacy enhancer for web
browsers.  It runs as either a privileged Java applet within your
browser, or as a standalone Java application.

interMute operates as a proxy server listening on port 4444, and is
meant to operate dedicated to a single user.  It correctly rejects any
service requests from IP addresses not on the local host.  However, it
has no mechanism to determine whether requests coming from the local
host originated from the browsing user, or some other user.

The interMute proxy has a "home page" from which the user can configure
it and view filtering statistics for the current session.  A local user
on a UNIX host can connect to another user's interMute proxy, giving
him full control over interMute.  Thus various attacks and intrusions
are possible:

1) The sites which were acted upon by interMute are listed in the
   "statistics" area, thus revealing part of the user's browsing history;

2) interMute can be configured to chain to another proxy, thus allowing
   all browsing activity to be redirected and logged without the user's
   knowledge;

3) interMute can be configured to load a home page which could contain
   hostile Java and/or JavaScript code;

4) Various denial of service attacks are possible by reconfiguring
   interMute's filters.

I was unable to trick it into handling "file:" URLs or retrieving files
off the disk, except for files in the interMute home directory.

Reported to the vendor on July 9; no reply received.

--
John W. Temples, III