[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How do we defeat exit node sniffing?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: How do we defeat exit node sniffing?
From: "Xizhi Zhu" <xizhi.zhu@xxxxxxxxx>
Date: Fri, 6 Jun 2008 10:08:25 +0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 05 Jun 2008 22:08:31 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=d0VtNhzv5XQXEjmyscOmGTzqjtFw6g7Gymp2ow7hdVo=; b=SYXEtnQSX3RAtOOd+15+XRufZ3hIhYR7Z3cWsEfNFK6cQ0i5vF+2RuKVosNLJsub08 h+6PhLLXr0O35WUaJW4X3juaHj6qQPGrVh3Cdg/IKC4VPN6wMK4v6RnpFZXZu4oVBph/ shwfCcJGkvDxceKwzomY+6hwGbEHizT+BQGP4=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=SHW6bB29ajGE4se67/i1kjZSQDZEOd/X2wfvH3mCMHshy2DNloHbQBkJ4DOJggQSwS 8+msJkH1Dba2/lhN6HkFSQVY4u3X5Xf+qp0fbfhVQklb7PiW5R9cQtwHBRfrRw6lRR2y jUwj/Jm9blWm4ZgDa2PAPS/xVAHIzKStCocBA=
In-reply-to: <a45400c30806051835u75d46afcs1acd73ed1b3f33@xxxxxxxxxxxxxx>
References: <a45400c30806051701m64da2e78vff227bab84d1ee73@xxxxxxxxxxxxxx> <20080606003753.GA35400@xxxxxxxxxxxxxxx> <a45400c30806051835u75d46afcs1acd73ed1b3f33@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

you have to try to do the authentication with SSL/TLS. if not, your username and your password will be sent to the exit nodes first, and that's really terrible!

2008/6/6, defcon <defconoii@xxxxxxxxx>:

so what do you all suggest if I must authenticate to a non ssl connection? How do I do it anonymously and safely?

On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier@xxxxxxxxx> wrote:

On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> What are some good ways to defeat exit node sniffing? Is there a listing of
> good exit nodes that do not sniff?
> Thanks,
> defcon

Prefer TLS-enabled services, and mind the authenticity of server certs.
Or use Tor hidden services.

--
Christopher Davis

--
Use Tor to secure your surfing trace:
http://www.torproject.org/

My blog: http://xizhizhu.blogspot.com/

Follow-Ups:
- Re: How do we defeat exit node sniffing?
  - From: defcon

References:
- How do we defeat exit node sniffing?
  - From: defcon
- Re: How do we defeat exit node sniffing?
  - From: Christopher Davis
- Re: How do we defeat exit node sniffing?
  - From: defcon

Prev by Author: Re: Tor Desktop
Next by Author: Re: Possible attack questions
Previous by thread: RE: How do we defeat exit node sniffing?
Next by thread: Re: How do we defeat exit node sniffing?
Index(es):
- Author
- Thread