[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
On Mon, Mar 10, 2008 at 2:40 AM, Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx> wrote:
> ... Just because a website is secure at the moment,
> doesn't mean they wont make changes in future which leak your sessions.
managing this on your end transparently makes it impossible to
exploit. you enforce policy of ssl/tls only, always, regardless of
how they may have implemented sessions and authentication on their
end. (at worst, they break their service rendering it unusable
securely [DoS], rather than leaking your private information
> It is considerably safer to use gmails secure imap/smtp services rather
> than their webmail with Tor imo. More bandwidth friendly too.
agreed, though exit polices for these ports are not as plentiful...