
Re: Holy shit I caught 1



Hmm,

Point taken. I guess I hadn't realized that that many Windows users are
running Tor clients.

At work we are considering "quizzing" users for certain facts regarding
network operations. Nothing major, just a, "hey, you need to understand
the risks of running p2p software".

Perhaps something in the help or tips section of the Tor d/l page, the
apps that the non-technical folks are running, etc.?

--Harry

Arrakistor wrote:
> Harry,
> 
> Just how do you expect the average Windows user to know how to check SSL
> certifications? That is now the level of the people using Tor.
> 
> Regards,
>  Arrakistor
> 
> Sunday, August 27, 2006, 8:55:31 PM, you wrote:
> 
>> Hopefully the people using Tor would be "clued in" enough to check their
>> certs. <shrug>
> 
> 
> 
>> Arrakistor wrote:
>>> Amazing(ly bad). Perhaps we need some sort of monster programs
>>> stalking through the system to check for things like this.
>>>
>>> What I would like to know is how long the router on the node has been
>>> spoofing the certs. Did this only come after we discussed the
>>> possibility? If not, how fast can we fix this? Further, what else
>>> aren't we thinking about?
>>>
>>> Regards,
>>>  Arrakistor
>>>
>>> Sunday, August 27, 2006, 8:24:06 PM, you wrote:
>>>
>>>> I would have bet good money against this, but there actually IS a
>>>> router on the Tor network spoofing SSL certs. The router '1'
>>>> (218.58.6.159 - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is
>>>> providing self-signed SSL certs for just about every SSL site you hit
>>>> through it. Nice. Is there a wiki page with bad Tor nodes anywhere?
>>>> Let's hear it for paranoia! Hip hip hooray.
>>>> Is anyone else scanning? My list of hits on for this zip is awfully
>>>> small. It appears we may actually need to scan, folks.
>>>> An assortment of SSL certs provided by this router is attached in a
>>>> .zip file.
>>>> Go ahead and hit up https://addons.mozilla.org.1.exit with
>>>> socks_remote_dns and only a socks proxy (privoxy breaks the .exit
>>>> notation), and be prepared to shit yourself. Does anyone know if
>>>> Firefox verifies cert sigs when downloading extension updates?
>>>
>>>
>
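
The scanning idea raised in the thread, sketched as an added example that is not part of the original messages or of any Tor project tooling: compare the certificate each exit presents for a host against fingerprints collected over a trusted path, and flag exits that mismatch on several hosts. The exit names, hostnames, byte strings and the `min_hosts` threshold are constructed assumptions.

```python
import hashlib
from collections import defaultdict

def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()

def suspicious_exits(baseline, observations, min_hosts=2):
    """Return {exit_id: [hosts]} for exits whose certificates differ from
    the baseline on at least `min_hosts` distinct hosts.

    baseline:     host -> set of fingerprints seen over a trusted path
    observations: iterable of (exit_id, host, der_bytes) seen via that exit

    One mismatch can be ordinary certificate rotation or a CDN edge; an exit
    that mismatches on many unrelated hosts matches the behaviour reported
    in the thread (substituted certs for nearly every SSL site).
    """
    mismatches = defaultdict(set)
    for exit_id, host, der in observations:
        known = baseline.get(host)
        if known is None:          # no trusted reference, cannot judge
            continue
        if fingerprint(der) not in known:
            mismatches[exit_id].add(host)
    return {e: sorted(h) for e, h in mismatches.items() if len(h) >= min_hosts}

# Constructed sample data. The byte strings stand in for DER certificates;
# in real use they would come from SSLSocket.getpeercert(binary_form=True).
BASELINE = {
    "addons.example": {fingerprint(b"constructed-cert-addons")},
    "mail.example": {fingerprint(b"constructed-cert-mail"),
                     fingerprint(b"constructed-cert-mail-cdn")},
    "bank.example": {fingerprint(b"constructed-cert-bank")},
}
OBSERVATIONS = [
    ("exitA", "addons.example", b"constructed-cert-addons"),
    ("exitA", "mail.example", b"constructed-cert-mail-cdn"),
    ("exitB", "addons.example", b"constructed-selfsigned-1"),
    ("exitB", "mail.example", b"constructed-selfsigned-2"),
    ("exitB", "bank.example", b"constructed-selfsigned-3"),
    ("exitC", "addons.example", b"constructed-cert-addons"),
    ("exitC", "bank.example", b"constructed-cert-bank-rotated"),
]

if __name__ == "__main__":
    for exit_id, hosts in suspicious_exits(BASELINE, OBSERVATIONS).items():
        print(f"{exit_id}: certificate mismatch on {', '.join(hosts)}")
```
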