for http connections im worried about cookie sidejacking as well since some sites only authenticate via https and set a cookie, what can we do in this regard?<br><br><div class="gmail_quote">On Thu, Jun 5, 2008 at 7:08 PM, Xizhi Zhu <<a href="mailto:xizhi.zhu@gmail.com">xizhi.zhu@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">you have to try to do the authentication with SSL/TLS. if not, your username and your password will be sent to the exit nodes first, and that's really terrible!<br>
<br>
<div><span class="gmail_quote">2008/6/6, defcon <<a href="mailto:defconoii@gmail.com" target="_blank">defconoii@gmail.com</a>>:</span><div><div></div><div class="Wj3C7c">
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0px 0px 0px 0.8ex; padding-left: 1ex;">so what do you all suggest if I must authenticate to a non ssl connection? How do I do it anonymously and safely?<br>
<br>
<div class="gmail_quote">On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <<a href="mailto:loafier@gmail.com" target="_blank">loafier@gmail.com</a>> wrote:<br>
<blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div>
<div></div>
<div>On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:<br>> What are some good ways to defeat exit node sniffing? Is there a listing of<br>> good exit nodes that do not sniff?<br>> Thanks,<br>> defcon<br>
<br> </div></div>Prefer TLS-enabled services, and mind the authenticity of server certs.<br>Or use Tor hidden services.<br><br>--<br><font color="#888888">Christopher Davis<br></font></blockquote></div><br></blockquote></div>
</div></div><font color="#888888">
<br><br clear="all"><br>-- <br>Use Tor to secure your surfing trace:<br><a href="http://www.torproject.org/" target="_blank">http://www.torproject.org/</a><br><br>My blog: <a href="http://xizhizhu.blogspot.com/" target="_blank">http://xizhizhu.blogspot.com/</a>
</font></blockquote></div><br>