[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Defeat Exit Node Sniffing?

--- coderman <coderman@xxxxxxxxx> wrote:
> with a rogue exit node you also need to be aware of
> intentional injection of http://.  since google does

> not bind authenticated session cookies to ssl only 
> (secure only flag) you need to mitigate this
> otherwise, a single http://...google.com/ will
> your session cookie and permit session hijacking.

How is it going to inject anything into an https


Looking for last minute shopping deals?  
Find them fast with Yahoo! Search.  http://tools.search.yahoo.com/newsearch/category.php?category=shopping