[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: How do we defeat exit node sniffing?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: How do we defeat exit node sniffing?
From: scar <scar@xxxxxxxxxx>
Date: Fri, 06 Jun 2008 21:22:34 +0000
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Fri, 06 Jun 2008 17:23:12 -0400
In-reply-to: <a45400c30806051920u7b1fb04dj985ba73015036e2f@xxxxxxxxxxxxxx>
References: <a45400c30806051701m64da2e78vff227bab84d1ee73@xxxxxxxxxxxxxx> <20080606003753.GA35400@xxxxxxxxxxxxxxx> <a45400c30806051835u75d46afcs1acd73ed1b3f33@xxxxxxxxxxxxxx> <1d1af7b40806051908x572399fn39c2ee50a2fdf3f3@xxxxxxxxxxxxxx> <a45400c30806051920u7b1fb04dj985ba73015036e2f@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

defcon @ 2008/06/06 02:20:
> for http connections im worried about cookie sidejacking as well since
> some sites only authenticate via https and set a cookie, what can we do
> in this regard?
> 


there's nothing to do in this case either. you have to be prepared for
your session to be hijacked.  at least, in this case, your password
cannot be changed since most sites require re-authenticating to change
the password (and that will be done via https).  always be sure to use
the "log out"/etc. link when done, to update the cookie accordingly.
again, personally, this hasn't happened to me (that i'm aware of).

from what i've casually seen in vidalia, if you are able to switch to
https, cookies are probably also exchanged via https even if they are
set to use "any type of connection" (as opposed to "encrypted
connections only").  i can hypothesize this because i no longer see
connections to port 80 after switching to https.  if the cookies were
being exchanged in the clear there would still be connections to port
80, right?  it seems wondering about this is mostly moot, though, since
the only way to be sure your information is secure is to use https all
the time with cookies set to use "encrypted connections only".  even
then you are placing trust in a CA, which is a third party also subject
to attack. oh my!

-----BEGIN PGP SIGNATURE-----

iD8DBQFISaqaXhfCJNu98qARCFEEAKCXzvJqMM7whLMRNjjEK4/qP++uggCgkmzO
0m31S0h/obTqCmZBg43myhc=
=d9h/
-----END PGP SIGNATURE-----

References:
- How do we defeat exit node sniffing?
  - From: defcon
- Re: How do we defeat exit node sniffing?
  - From: Christopher Davis
- Re: How do we defeat exit node sniffing?
  - From: defcon
- Re: How do we defeat exit node sniffing?
  - From: Xizhi Zhu
- Re: How do we defeat exit node sniffing?
  - From: defcon

Prev by Author: Re: How do we defeat exit node sniffing?
Next by Author: Re: How are hackers breaking Tor and trojan users?
Previous by thread: Re: How do we defeat exit node sniffing?
Next by thread: Re: How do we defeat exit node sniffing?
Index(es):
- Author
- Thread