[HTTPS-Everywhere] Rule for Teamviewer
Mike Perry
mikeperry at fscked.org
Thu Nov 18 15:56:22 PST 2010
Thus spake Nitrox (nitrox202 at gmail.com):
> I have attached rule for teamviewer.com with this email.
>
> login.teamviewer.com forwards to wa103.teamviewer.com. It automatically adds
> https even if i try to remove s from https. I dont think we would need to
> add that to the rule.
Be aware that without an additional securecookie rule, your cookies
can still be stolen by an active attacker during this redirect:
http://fscked.org/projects/cookiemonster
An active attacker can also remove this redirect, as well, by
intercepting the https traffic and serving it to you over http:
http://www.thoughtcrime.org/software/sslstrip/
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101118/93609975/attachment.sig>
More information about the HTTPS-everywhere
mailing list