[HTTPS-Everywhere] Rule for Teamviewer
Nitrox
nitrox202 at gmail.com
Sun Nov 21 02:43:21 PST 2010
On 18 November 2010 23:56, Mike Perry <mikeperry at fscked.org> wrote:
>
> Be aware that without an additional securecookie rule, your cookies
> can still be stolen by an active attacker during this redirect:
> http://fscked.org/projects/cookiemonster
>
> An active attacker can also remove this redirect, as well, by
> intercepting the https traffic and serving it to you over http:
> http://www.thoughtcrime.org/software/sslstrip/
>
>
> --
> Mike Perry
> Mad Computer Scientist
> fscked.org evil labs
>
I have attached the updated rules with secure cookie rule. I wrote this rule
based on existing secure cookies rules in for various sites the git repo.
The documentation about how to write the rules hasn't been updated to
include secure cookies. Due you have any unoffical documentation about
secure cookies rules?
Can you verify the rule for secure cookie, whether it is right or not?
Thanks
--
Nitrox
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101121/bba51020/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: Teamviewer.xml
Type: text/xml
Size: 268 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20101121/bba51020/attachment.xml>
More information about the HTTPS-everywhere
mailing list