Defeat Exit Node Sniffing?

Stian Øvrevåge sovrevage at gmail.com
Sun Mar 2 21:09:04 UTC 2008


On Sun, Mar 2, 2008 at 9:30 PM, defcon <defconoii at gmail.com> wrote:
> I have been using tor for a while now, and I absolutely love it, although
> the only thing keeping me from using it, is the insecurities of the exit
> nodes.  I know to truly stay anonymous you should stay away from personal
> accounts "but" how can I connect through tor to gmail or other ssl enabled
> services without risking my password being sniffed or my dns request being
> hijacked.  Any advice would be greatly appreciated!
>  Thanks,
> defcon
>

To protect integrity and confidentiality you should use end-to-end
encryption. This is not only particular to Tor but goes for most
Internet communications. SSL/TLS (as used in https) provides
end-to-end encryption and will prevent your communication from being
sniffed.

However, you should be careful to examine that the certificates of the
remote server is signed and does not change. If they do change you
might be attacked by a man-in-the-middle attack, where you indeed are
talking securely, but directly to the attacker :-)

-- 
Stian Øvrevåge



More information about the tor-talk mailing list