[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Defeat Exit Node Sniffing?

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Defeat Exit Node Sniffing?
From: coderman <coderman@xxxxxxxxx>
Date: Wed, 5 Mar 2008 16:58:35 -0800
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Wed, 05 Mar 2008 19:58:42 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; bh=9Ir0pv23sNNK7fYbNFwrajCG7ObZ5v133VvSd9AKdTU=; b=nuUQEto6dmGk+vfzrGuaSNim5qFbgJzFSBue2EpZteKww50NTbM2IFAx6ydeeLQsbv909Kwd0TYX9sCzQQLVna6vrwNjGPBg4RSVKgUo3bLemGGp5W+BB3XW5gpW4JHrwyZWGJ9bhJE+6hJKiN2CLMUo6dKCVZnnkRg0WBu5PQw=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=eJCuaaCeIg8T+rfQ+I0yWLbrIBHUycX1OKy4VkjpiZ/i34neh0dwuhrfJ7fJGjtxPVukfjswkR/+dfrjIeAWaOON58gzAlFxNoF3HbWjn+IbeNwaJ3AdXWQldOCmrsCNYhEt5T8vKcr+5KoYsC8DoHZpUbN3Qit8HqAnXZYUi50=
In-reply-to: <47CF3C31.1070806@xxxxxxxxxx>
References: <a45400c30803021230x47297f81t1901918c4910e48c@xxxxxxxxxxxxxx> <20080302211557.GL10785@xxxxxxxxxxxxxxxx> <47CB3B40.3050408@xxxxxxxxxx> <a45400c30803021802w2d47598ds19f4ac3dc0664b91@xxxxxxxxxxxxxx> <47CF3120.7030302@xxxxxxxxxx> <20080306000540.GM15886@xxxxxxxxxxxxxxxx> <47CF3C31.1070806@xxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Wed, Mar 5, 2008 at 4:34 PM, scar <scar@xxxxxxxxxx> wrote:
> ...
>  there was no bug in the add-on; i saw the change to the cookie take
>  place.  it is a problem with the website/webmaster.

the modification (secure only = true) must be made with every updated
expiration / set cookie received, otherwise a session refresh / save
will save without the secure only option enforced.

it might be easiest to extend the existing modify headers extension to
alter incoming cookie parameters...  (and if you find out, document in
the wiki :)

References:
- Defeat Exit Node Sniffing?
  - From: defcon
- Re: Defeat Exit Node Sniffing?
  - From: Chris Palmer
- Re: Defeat Exit Node Sniffing?
  - From: scar
- Re: Defeat Exit Node Sniffing?
  - From: defcon
- Re: Defeat Exit Node Sniffing?
  - From: scar
- Re: Defeat Exit Node Sniffing?
  - From: Chris Palmer
- Re: Defeat Exit Node Sniffing?
  - From: scar

Prev by Author: Re: I am at my wits end, I cant register for account at digg.com using tor
Next by Author: Re: Gmail/SSL
Previous by thread: Re: Defeat Exit Node Sniffing?
Next by thread: Re: Defeat Exit Node Sniffing?
Index(es):
- Author
- Thread