How do we defeat exit node sniffing?
defcon
defconoii at gmail.com
Fri Jun 6 02:20:58 UTC 2008
for http connections im worried about cookie sidejacking as well since some
sites only authenticate via https and set a cookie, what can we do in this
regard?
On Thu, Jun 5, 2008 at 7:08 PM, Xizhi Zhu <xizhi.zhu at gmail.com> wrote:
> you have to try to do the authentication with SSL/TLS. if not, your
> username and your password will be sent to the exit nodes first, and that's
> really terrible!
>
> 2008/6/6, defcon <defconoii at gmail.com>:
>
>> so what do you all suggest if I must authenticate to a non ssl
>> connection? How do I do it anonymously and safely?
>>
>> On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier at gmail.com>
>> wrote:
>>
>>> On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
>>> > What are some good ways to defeat exit node sniffing? Is there a
>>> listing of
>>> > good exit nodes that do not sniff?
>>> > Thanks,
>>> > defcon
>>>
>>>
>>> Prefer TLS-enabled services, and mind the authenticity of server certs.
>>> Or use Tor hidden services.
>>>
>>> --
>>> Christopher Davis
>>>
>>
>>
>
>
> --
> Use Tor to secure your surfing trace:
> http://www.torproject.org/
>
> My blog: http://xizhizhu.blogspot.com/
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20080605/b4080a76/attachment.htm>
More information about the tor-talk
mailing list