[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Defeat Exit Node Sniffing?



--- coderman <coderman@xxxxxxxxx> wrote:
> with a rogue exit node you also need to be aware of
> intentional injection of http://.  since google does

> not bind authenticated session cookies to ssl only 
> (secure only flag) you need to mitigate this
yourself. 
> otherwise, a single http://...google.com/ will
expose
> your session cookie and permit session hijacking.

How is it going to inject anything into an https
stream?

-Martin



      ____________________________________________________________________________________
Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping