Defeat Exit Node Sniffing?

Martin Fick mogulguy at yahoo.com
Mon Mar 3 23:17:04 UTC 2008


--- coderman <coderman at gmail.com> wrote:
> with a rogue exit node you also need to be aware of
> intentional injection of http://.  since google does

> not bind authenticated session cookies to ssl only 
> (secure only flag) you need to mitigate this
yourself. 
> otherwise, a single http://...google.com/ will
expose
> your session cookie and permit session hijacking.

How is it going to inject anything into an https
stream?

-Martin



      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping



More information about the tor-talk mailing list