[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Defeat Exit Node Sniffing?
--- coderman <coderman@xxxxxxxxx> wrote:
> with a rogue exit node you also need to be aware of
> intentional injection of http://. since google does
> not bind authenticated session cookies to ssl only
> (secure only flag) you need to mitigate this
> otherwise, a single http://...google.com/ will
> your session cookie and permit session hijacking.
How is it going to inject anything into an https
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping