
Re: How do we defeat exit node sniffing?



defcon wrote:
> so what do you all suggest if I must authenticate to a non ssl
> connection?  How do I do it anonymously and safely?
> 
(snip)

AFAIK, you can't.

However, there are three personal rules I stick to, when using accounts
which need a login through Tor. They may or may not apply to your scenario:

1.) Any account used for anonymity, must be created through Tor, and
never have been touched without it.

2.) Any such account must, of course, always be accessed through Tor
after its creation.

3.) Any such account must be considered expendable; i.e., if an exit
sniffer stole the credentials and either locked you out or impersonated
you, it wouldn't be a real problem.

If you'd rather not have to follow Rule 3, make sure you use accounts
with services that use strong encryption - and watch out for accidental
leaks*.


*: Supposedly, Gmail's Web interface sometimes leaks, even when using it
under HTTPS. To minimize such leaks, it's important to switch on POP or
IMAP ASAP, and use a client with it with SSL/TLS enabled.

- --
F. Fox
AAS, CompTIA A+/Network+/Security+
Owner of Tor node "kitsune"
http://fenrisfox.livejournal.com