They would send the same cookies - but packet length would be different also, so as I understand you'd need to open each URL at least twice to make one brute force attempt.

I agree that if attacker is already sitting in the middle of your traffic, and moreover can direct you to his malicious site, there are a lot of other attack vectors to worry about.

You mean it is possible to force loading of the parent URL from cross-domain child? I was under impression that it won't work without specific code to support that on the parent side.

It seems that the attack requires the victim to load the same page many times, in order to measure differences in packet length? In real life, how often one visits the same page (and this page doesn't change)? If I understand this correctly, the attack will be very slow in real life, apart from some specific cases where user visits a website which reloads itself continuously.

Also, in this day and age, would anyone trust authenticated sites which do not use https? These sites themselves are the main problem.

Perl simply throws your incompetence straight in your face, while other languages will not hurt your ego so much.

Yes guys & gals, complex constructs will take time to grasp. In return, Perl allows to write good & compact code and professionals will understand it much quicker compared to other languages, simply due to a smaller amount of code they have to read.

This story made me realize that I have been following Slashdot since 1998, e.g. ~57% of my life. Wow, what a waste. :)

Seriously, CmdrTaco, congrats. It must be special to be part of something that has literally changed the world.

P.S. And it sucks to be in the 4 digit UID club.

Your best handset for freedom is the one which does not pass through the government-controlled networks. E.g., Iridium, Globalstar, Thuraya. I'm sure that this is the way at least some of the information is leaking out to the West. If somebody catches you with it - well, don't let them do that. Newer handsets are pretty small and look like normal mobile phones.