Bitcoin Forum
December 08, 2016, 12:22:53 AM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: [1]
  Print  
Author Topic: Question!  (Read 1403 times)
ones51
Member
**
Offline Offline

Activity: 70


View Profile
July 21, 2011, 07:57:54 AM
 #1

Is it dangerous to use tradehill, mtgox, etc.....on tor?
1481156573
Hero Member
*
Offline Offline

Posts: 1481156573

View Profile Personal Message (Offline)

Ignore
1481156573
Reply with quote  #2

1481156573
Report to moderator
1481156573
Hero Member
*
Offline Offline

Posts: 1481156573

View Profile Personal Message (Offline)

Ignore
1481156573
Reply with quote  #2

1481156573
Report to moderator
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481156573
Hero Member
*
Offline Offline

Posts: 1481156573

View Profile Personal Message (Offline)

Ignore
1481156573
Reply with quote  #2

1481156573
Report to moderator
johanatan
Member
**
Offline Offline

Activity: 84


View Profile
July 21, 2011, 08:45:59 AM
 #2

Is it dangerous to use tradehill, mtgox, etc.....on tor?

is isn't dangerous on tor but i've heard that it can be a beast on acid.

1GjRUzZfDCBHeCyJk6av3pXYS9VKjCvQTQ
ones51
Member
**
Offline Offline

Activity: 70


View Profile
July 21, 2011, 09:42:59 AM
 #3

wtf? was that a joke?  Huh
cryptoanarchist
Hero Member
*****
Offline Offline

Activity: 896



View Profile
July 21, 2011, 03:10:25 PM
 #4

No. Why would it be?

It is, however, very difficult since most exit node IPs on the Tor network have been banned by those sites.
riceberry
Hero Member
*****
Offline Offline

Activity: 487


I'm proto


View Profile
July 21, 2011, 07:24:41 PM
 #5

It's dangerous to go alone......



take this:

1rbgakDLF3nuErQtRTfpRUn1aYKXBJun2

let the coins flow through you
fitty
Full Member
***
Offline Offline

Activity: 238


View Profile
July 21, 2011, 09:13:35 PM
 #6

Is it dangerous to use tradehill, mtgox, etc.....on tor?

If it's https it's pretty secure.

If it's http then it is possible for a tor node to sniff the data. Anything you send over http would be visible. Which means logging into a site that doesn't use https you'd expose your login/password. TradeHill, MtGox all use https so that's not a problem. Gmail is 100% https now I believe also. All banks are https.

This forum only uses https for your login. Which means people could sniff your cookie while you browse/post.

Anyway, as long as it's https then you're fine. Anything non-https is less secure then your internet connection at home. The odds of someone sniffing one of your exit nodes, is probably pretty slim.
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 22, 2011, 01:38:40 AM
 #7

This forum only uses https for your login. Which means people could NOT sniff your cookie while you browse/post.

Fixed. Smiley

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
makomk
Hero Member
*****
Offline Offline

Activity: 686


View Profile
July 23, 2011, 10:49:27 AM
 #8

Fixed. Smiley
Nope, fitty had it right the first time. The login is over https and this stops anyone sniffing your password (so long as you check it is actually https and not http before you enter it), but viewing topics and posting is done over unencrypted http. This means that the cookie used to authenticate you after you've logged in is also sent unencrypted over http and anyone who's sniffing your traffic can clone your cookie and gain access to your account.

This is exactly what the infamous Firesheep extension for Firefox allows an attacker to do; a lot of sites have this issue.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
error
Hero Member
*****
Offline Offline

Activity: 574



View Profile
July 23, 2011, 05:34:53 PM
 #9

Fixed. Smiley
Nope, fitty had it right the first time. The login is over https and this stops anyone sniffing your password (so long as you check it is actually https and not http before you enter it), but viewing topics and posting is done over unencrypted http. This means that the cookie used to authenticate you after you've logged in is also sent unencrypted over http and anyone who's sniffing your traffic can clone your cookie and gain access to your account.

This is exactly what the infamous Firesheep extension for Firefox allows an attacker to do; a lot of sites have this issue.

I don't know how you're doing that. Every single access I make to the forum is through https.

15UFyv6kfWgq83Pp3yhXPr8rknv9m6581W
trentzb
Sr. Member
****
Offline Offline

Activity: 406


View Profile
July 23, 2011, 05:58:54 PM
 #10

This forum only uses https for your login. Which means people could sniff your cookie while you browse/post.

No need to sniff it, sometimes people just post their cookie publicly.

http://forum.bitcoin.org/index.php?topic=31094.msg391155#msg391155
fitty
Full Member
***
Offline Offline

Activity: 238


View Profile
July 24, 2011, 10:23:31 AM
 #11

Fixed. Smiley
Nope, fitty had it right the first time. The login is over https and this stops anyone sniffing your password (so long as you check it is actually https and not http before you enter it), but viewing topics and posting is done over unencrypted http. This means that the cookie used to authenticate you after you've logged in is also sent unencrypted over http and anyone who's sniffing your traffic can clone your cookie and gain access to your account.

This is exactly what the infamous Firesheep extension for Firefox allows an attacker to do; a lot of sites have this issue.

I don't know how you're doing that. Every single access I make to the forum is through https.

Because your bookmark is https.

Google bitcoin forum. Click the http:// link. If you set "remember me" when you logged it, you're on the forum, logged in, on http. The only way to get https is by going through a https link back to the forum.

The forum should force https plain and simple. With the amount of attacks, trojans, wallet stealers, it's a pretty simple fix. The extra load on the server is minor and it gives a lot of security. Global SSL cert is like 195 bucks a year.

Crypto virtual currency network and the wallet/website are unencrypted.
makomk
Hero Member
*****
Offline Offline

Activity: 686


View Profile
July 27, 2011, 10:25:24 PM
 #12

Because your bookmark is https.

Google bitcoin forum. Click the http:// link. If you set "remember me" when you logged it, you're on the forum, logged in, on http. The only way to get https is by going through a https link back to the forum.
Exactly - if you start on http, all the links are to the http version, and if you start on https all the links are https. Which has a more subtle but nasty security issue: even if you consistently view the forum over https, an active attacker that can modify your network requests can inject content into the next http page you view so that it causes a http request to the forum (for example an img tag referencing http://forum.bitcoin.org) and obtain your unencrypted cookie from that request. This is well within the capabilities of some Tor exit node owners.

Quad XC6SLX150 Board: 860 MHash/s or so.
SIGS ABOUT BUTTERFLY LABS ARE PAID ADS
Pages: [1]
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!