How do we defeat exit node sniffing?
scar
scar at drigon.com
Fri Jun 6 20:56:27 UTC 2008
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
defcon @ 2008/06/06 01:35:
> so what do you all suggest if I must authenticate to a non ssl
> connection? How do I do it anonymously and safely?
>
to do it anonymously, i recommend creating a new account using a new,
anonymous e-mail (if required), all via Tor of course.
as for safely, you can always try changing the url to https, sometimes a
site supports https but doesn't use it by default. ensure your browser
warns you if parts of the page are unencrypted and when you are
submitting unencrypted information, check to especially make sure the
form submission links will use https.
otherwise, there is no safe way to do it. you have to be prepared in
this case for your login credentials and entire account to be
compromised. of course changing your password is futile as that is
probably done in the clear as well. at least you will remain anonymous.
to me, personally, (to my knowledge) this has not happened.
-----BEGIN PGP SIGNATURE-----
iD8DBQFISaRgXhfCJNu98qARCFC0AKCVShLjKMkt31mZF5kMKie5GIu+owCg5BfX
nBYwVJSpT213/IWnqg2bFmY=
=IHLI
-----END PGP SIGNATURE-----
More information about the tor-talk
mailing list