What are some good ways to defeat exit node sniffing? Is there a listing of
good exit nodes that do not sniff?
Thanks,
defcon
There is no 100% sure way to know if an exit node is sniffing or not.
This is why everyone says use SSL ( HTTPS ).
On Thu, Jun 5, 2008 at 5:01 PM, defcon <[EMAIL PROTECTED]> wrote:
> What are some good ways to defeat exit node sniffing? Is there a listing
> of good exit nodes that do not sniff?
On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> What are some good ways to defeat exit node sniffing? Is there a listing of
> good exit nodes that do not sniff?
> Thanks,
> defcon
Prefer TLS-enabled services, and mind the authenticity of server certs.
Or use Tor hidden services.
--
Ch
so what do you all suggest if I must authenticate to a non ssl connection?
How do I do it anonymously and safely?
On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <[EMAIL PROTECTED]> wrote:
> On Thu, Jun 05, 2008 at 05:01:34PM -0700, defcon wrote:
> > What are some good ways to defeat exit node
> so what do you all suggest if I must authenticate to a non ssl connection?
Don't do it :)
e 05, 2008 6:36 PM
To: or-talk@freehaven.net
Subject: Re: How do we defeat exit node sniffing?
so what do you all suggest if I must authenticate to a non ssl connection?
How do I do it anonymously and safely?
On Thu, Jun 5, 2008 at 5:37 PM, Christopher Davis <[EMAIL PROTECTED]> wrote:
On
you have to try to do the authentication with SSL/TLS. if not, your username
and your password will be sent to the exit nodes first, and that's really
terrible!
2008/6/6, defcon <[EMAIL PROTECTED]>:
>
> so what do you all suggest if I must authenticate to a non ssl connection?
> How do I do it ano
for http connections im worried about cookie sidejacking as well since some
sites only authenticate via https and set a cookie, what can we do in this
regard?
On Thu, Jun 5, 2008 at 7:08 PM, Xizhi Zhu <[EMAIL PROTECTED]> wrote:
> you have to try to do the authentication with SSL/TLS. if not, your
have to do your
own investigations and come up with your own list.
Wesley
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Behalf Of defcon
Sent: June 5, 2008 6:36 PM
To: or-talk@freehaven.net
Subject: Re: How do we defeat exit node sniffing?
so what do yo
On Thu, 05 Jun 2008 21:49:05 -0700 Wesley Kenzie <[EMAIL PROTECTED]>
rudely top-posted (if you'll pardon that redundancy):
>I think you could make a case for trusting 1 or a handful of exit nodes, =
>and
>use ExitNodes abc and StrictExitNodes 1 to make sure you only use those =
>for
>sensitive
defcon wrote:
so what do you all suggest if I must authenticate to a non ssl
connection? How do I do it anonymously and safely?
Apply the same security measures necessary to authenticate a non-SSL
connection without the use of Tor.
Why do you think it would be embarrassing? I'm fairly certain that some
exit nodes have been setup as "research" projects.
On Thu, 2008-06-05 at 21:49 -0700, Wesley Kenzie wrote:
>
> Or BostonUCompSci? It would be kind of embarrassing to Boston
> University wouldn't it, if they were found to
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
defcon @ 2008/06/06 01:35:
> so what do you all suggest if I must authenticate to a non ssl
> connection? How do I do it anonymously and safely?
>
to do it anonymously, i recommend creating a new account using a new,
anonymous e-mail (if required
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
defcon @ 2008/06/06 02:20:
> for http connections im worried about cookie sidejacking as well since
> some sites only authenticate via https and set a cookie, what can we do
> in this regard?
>
there's nothing to do in this case either. you have t
It also depends on what you are using Tor for.
If you are checking your e-mail (or whatever) that is associated with your
real identity, then use only HTTPS.
But if you are checking a different e-mail account that you have (1) setup
over Tor and (2) only use for anonymous purposes, then you run a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
defcon wrote:
> so what do you all suggest if I must authenticate to a non ssl
> connection? How do I do it anonymously and safely?
>
(snip)
AFAIK, you can't.
However, there are three personal rules I stick to, when using accounts
which need a lo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Kyle Williams wrote:
(snip)
> Remember, just because your traffic is anonymous doesn't mean it's
> private. So if you say "This is John Smith and my SSN is xxx-xx-"
> or whatever over an anonymous connection to a blog or forum, then you
> are as
F. Fox wrote:
defcon wrote:
so what do you all suggest if I must authenticate to a non ssl
connection? How do I do it anonymously and safely?
(snip)
AFAIK, you can't.
However, there are three personal rules I stick to, when using accounts
which need a login through Tor. They may or may no
On Mon, 09 Jun 2008 20:51:10 -0700 Jack Straw <[EMAIL PROTECTED]>
wrote:
>F. Fox wrote:
>> defcon wrote:
>>> so what do you all suggest if I must authenticate to a non ssl
>>> connection? How do I do it anonymously and safely?
>>
>> (snip)
>>
>> AFAIK, you can't.
>>
>> However, there are t
Scott Bennett wrote:
On Mon, 09 Jun 2008 20:51:10 -0700 Jack Straw <[EMAIL PROTECTED]>
wrote:
F. Fox wrote:
defcon wrote:
so what do you all suggest if I must authenticate to a non ssl
connection? How do I do it anonymously and safely?
(snip)
AFAIK, you can't.
However, there are thr
On Mon, 09 Jun 2008 23:11:35 -0700 Jack Straw <[EMAIL PROTECTED]>
wrote:
[duplicate copy of previous postings deleted --SB]
>Scott Bennett wrote:
> > On Mon, 09 Jun 2008 20:51:10 -0700 Jack Straw
><[EMAIL PROTECTED]>
> > wrote:
> >> F. Fox wrote:
> >>> defcon wrote:
> so what
Jack Straw wrote:
I have a question about that, which has puzzled me for quite some time.
Perhaps I'm being too rigid in regards to this.
I have a Gmail account that was created through Tor.
I should say, that this anonymous account is a test account. I use it
for no sensitive communications, h
22 matches
Mail list logo
