Defeat Exit Node Sniffing?
Martin Fick
mogulguy at yahoo.com
Mon Mar 3 23:17:04 UTC 2008
--- coderman <coderman at gmail.com> wrote:
> with a rogue exit node you also need to be aware of
> intentional injection of http://. since google does
> not bind authenticated session cookies to ssl only
> (secure only flag) you need to mitigate this
yourself.
> otherwise, a single http://...google.com/ will
expose
> your session cookie and permit session hijacking.
How is it going to inject anything into an https
stream?
-Martin
____________________________________________________________________________________
Looking for last minute shopping deals?
Find them fast with Yahoo! Search. http://tools.search.yahoo.com/newsearch/category.php?category=shopping
More information about the tor-talk
mailing list