[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How do we defeat exit node sniffing?



for http connections im worried about cookie sidejacking as well since some sites only authenticate via https and set a cookie, what can we do in this regard?

On Thu, Jun 5, 2008 at 7:08 PM, Xizhi Zhu <xizhi.zhu@xxxxxxxxx> wrote:
you have to try to do the authentication with SSL/TLS. if not, your username and your password will be sent to the exit nodes first, and that's really terrible!

2008/6/6, defcon <defconoii@xxxxxxxxx>:
so what do you all suggest if I must authenticate to a non ssl connection?  How do I do it anonymously and safely?

On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier@xxxxxxxxx> wrote:
On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> What are some good ways to defeat exit node sniffing?  Is there a listing of
> good exit nodes that do not sniff?
> Thanks,
> defcon

 
Prefer TLS-enabled services, and mind the authenticity of server certs.
Or use Tor hidden services.

--
Christopher Davis




--
Use Tor to secure your surfing trace:
http://www.torproject.org/

My blog: http://xizhizhu.blogspot.com/