[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-bugs] #2238 [EFF-HTTPS Everywhere]: in Facebook account settings, clicking tabs kicks you off Facebook

To: undisclosed-recipients:;
Subject: Re: [tor-bugs] #2238 [EFF-HTTPS Everywhere]: in Facebook account settings, clicking tabs kicks you off Facebook
From: "Tor Bug Tracker & Wiki" <torproject-admin@xxxxxxxxxxxxxx>
Date: Tue, 11 Jan 2011 23:27:10 -0000
Auto-submitted: auto-generated
Delivered-to: archiver@xxxxxxxx
Delivery-date: Tue, 11 Jan 2011 18:27:33 -0500
In-reply-to: <047.286d6710b6b49237f35f587c61caf212@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-bugs>
List-help: <mailto:tor-bugs-request@lists.torproject.org?subject=help>
List-id: Tor bugs reporting list for trac <tor-bugs.lists.torproject.org>
List-post: <mailto:tor-bugs@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-bugs>, <mailto:tor-bugs-request@lists.torproject.org?subject=unsubscribe>
References: <047.286d6710b6b49237f35f587c61caf212@xxxxxxxxxxxxxx>
Reply-to: tor-assistants@xxxxxxxxxxxxxx
Sender: tor-bugs-bounces@xxxxxxxxxxxxxxxxxxxx

#2238: in Facebook account settings, clicking tabs kicks you off Facebook
-----------------------------------+----------------------------------------
  Reporter:  newacct               |       Owner:  pde   
      Type:  defect                |      Status:  closed
  Priority:  normal                |   Milestone:        
 Component:  EFF-HTTPS Everywhere  |     Version:        
Resolution:  wontfix               |    Keywords:        
    Parent:                        |  
-----------------------------------+----------------------------------------
Changes (by pde):

  * status:  new => closed
  * resolution:  => wontfix


Comment:

 This is a bug in Facebook's HTTPS support.

 You'll get this behaviour if you have the Facebook+ rule enabled.Â It's
 because some account settings pages are not available over HTTPS (!), so
 if you try to access them with your cookies secured, those pages won't get
 your cookie.Â You have two choices:

 1. Disable the Facebook+ rule then log out and back in again -- you'll be
 vulnerable to Firesheep and other cookie theft attacks, but these settings
 pages will work.

 2. Live without those settings pages :(

 One day, we hope Facebook will fix these bugs in their site.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/2238#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Prev by Author: Re: [tor-bugs] #2218 [EFF-HTTPS Everywhere]: google search is changed...no "images search" on results
Next by Author: Re: [tor-bugs] #2337 [Tor Client]: Check for signed size_t during configure
Previous by thread: Re: [tor-bugs] #2218 [EFF-HTTPS Everywhere]: google search is changed...no "images search" on results
Next by thread: [tor-bugs] #2376 [Torouter]: Torouter shouldn't have its data directory in /tmp/
Index(es):
- Author
- Thread