[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How do we defeat exit node sniffing?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: How do we defeat exit node sniffing?
From: defcon <defconoii@xxxxxxxxx>
Date: Thu, 5 Jun 2008 19:20:58 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Thu, 05 Jun 2008 22:21:05 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to :subject:in-reply-to:mime-version:content-type:references; bh=XzIxWd4TOSjTIToP/H4xYX2GibPqrvyur5ZIIkxSlnw=; b=uwIxTPKfDNTVWV/2ptsH7I4+lrWdYKPXoAdT/21c+lG1zJgshUzhTfsEZXRA9m1qKi bY8Xam5K/jcJfaCVDYTmqi6L820w8rOzH1zzuhxYuBSY13ip4/H7tzFP6Wm4lsZOCcnH KTKduJHGrZBSdmLEnwOMaNHh/hf7POYLGs2+E=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version :content-type:references; b=fi3V+rZ2VIJv/pUqIdinMG9GXiRb1zV+1nCH+ON9DduphGFhJtB6OQnttNkjwvZl5X DyGYLhodUTc41hs8dah7CzIsGeRw19WFfYxbzMyLe6dbbTKkRuw8f/+g4MfHhLb0z/6z DB356XYg4uE63hy1K2cPE7IAREf4rM9gooyAI=
In-reply-to: <1d1af7b40806051908x572399fn39c2ee50a2fdf3f3@xxxxxxxxxxxxxx>
References: <a45400c30806051701m64da2e78vff227bab84d1ee73@xxxxxxxxxxxxxx> <20080606003753.GA35400@xxxxxxxxxxxxxxx> <a45400c30806051835u75d46afcs1acd73ed1b3f33@xxxxxxxxxxxxxx> <1d1af7b40806051908x572399fn39c2ee50a2fdf3f3@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

for http connections im worried about cookie sidejacking as well since some sites only authenticate via https and set a cookie, what can we do in this regard?

On Thu, Jun 5, 2008 at 7:08 PM, Xizhi Zhu <xizhi.zhu@xxxxxxxxx> wrote:

you have to try to do the authentication with SSL/TLS. if not, your username and your password will be sent to the exit nodes first, and that's really terrible!

2008/6/6, defcon <defconoii@xxxxxxxxx>:

so what do you all suggest if I must authenticate to a non ssl connection? How do I do it anonymously and safely?

On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <loafier@xxxxxxxxx> wrote:

On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> What are some good ways to defeat exit node sniffing? Is there a listing of
> good exit nodes that do not sniff?
> Thanks,
> defcon

Prefer TLS-enabled services, and mind the authenticity of server certs.
Or use Tor hidden services.

--
Christopher Davis

--
Use Tor to secure your surfing trace:
http://www.torproject.org/

My blog: http://xizhizhu.blogspot.com/

Follow-Ups:
- Re: How do we defeat exit node sniffing?
  - From: Kyle Williams
- Re: How do we defeat exit node sniffing?
  - From: scar

References:
- How do we defeat exit node sniffing?
  - From: defcon
- Re: How do we defeat exit node sniffing?
  - From: Christopher Davis
- Re: How do we defeat exit node sniffing?
  - From: defcon
- Re: How do we defeat exit node sniffing?
  - From: Xizhi Zhu

Prev by Author: Re: How do we defeat exit node sniffing?
Next by Author: Re: Tor Desktop
Previous by thread: Re: How do we defeat exit node sniffing?
Next by thread: Re: How do we defeat exit node sniffing?
Index(es):
- Author
- Thread