Using Gmail (with Tor) is a bad idea

Fabian Keil freebsd-listen at fabiankeil.de
Tue Sep 19 17:19:53 UTC 2006


"Taka Khumbartha" <scarreigns at gmail.com> wrote:

> Is the issue here not with Gmail, but perhaps JavaScript?  Can anyone
> confirm that there is no insecure redirection if JavaScript is
> disabled? If there still is (insecure redirection), please be
> specific about how to observe such an insecurity.

The redirects I'm talking about are basic HTTP features
and don't depend on JavaScript at all.

It's possible to emulate redirects with JavaScript,
but if an attacker is already in the position to run code
on your system, she probably has better things to do than
just to redirect you.

If you want to see what a redirect looks like,
use a Privoxy section like:

{-limit-connect \
 +redirect{http://tor.eff.org/} \
}
secure-login.example.org:443/

Enter https://secure-login.example.org/ in your browser
and see what happens. If you are still using Privoxy 3.0.3
use:

{+block \
 +handle-as-image \
 -limit-connect \
 +set-image-blocker{http://tor.eff.org/} \
}
secure-login.example.org:443/

instead.

Fabian
-- 
http://www.fabiankeil.de/
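
Added example, not part of the original post: a redirect is only a 3xx status line plus a Location header, so a captured chain of response heads can be checked for an https-to-http hop without running any JavaScript. The sample responses are constructed, and the helper names (parse_response, redirect_target, find_downgrades) are hypothetical.

```python
from urllib.parse import urljoin, urlsplit

REDIRECT_CODES = {301, 302, 303, 307, 308}

# Constructed sample: response heads as a proxy or packet capture would show them.
SAMPLE_START = "https://secure-login.example.org/"
SAMPLE_RESPONSES = [
    "HTTP/1.1 302 Found\r\nLocation: /auth?step=2\r\n\r\n",
    "HTTP/1.1 302 Found\r\nLocation: http://tor.eff.org/\r\nContent-Length: 0\r\n\r\n",
    "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>",
]

def parse_response(raw):
    """Return (status, headers) parsed from a raw HTTP response head."""
    head = raw.split("\r\n\r\n", 1)[0]
    lines = head.split("\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return status, headers

def redirect_target(request_url, raw):
    """Absolute redirect target, or None if the response is not a redirect."""
    status, headers = parse_response(raw)
    if status not in REDIRECT_CODES or "location" not in headers:
        return None
    # Location may be relative or scheme-relative; resolve it like a browser.
    return urljoin(request_url, headers["location"])

def find_downgrades(start_url, responses):
    """Follow the chain and return (from, to) hops that drop https to http."""
    downgrades, url = [], start_url
    for raw in responses:
        target = redirect_target(url, raw)
        if target is None:
            break
        if urlsplit(url).scheme == "https" and urlsplit(target).scheme == "http":
            downgrades.append((url, target))
        url = target
    return downgrades

if __name__ == "__main__":
    for src, dst in find_downgrades(SAMPLE_START, SAMPLE_RESPONSES):
        print("insecure redirect:", src, "->", dst)
```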