[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Moxie Marlinspike



Another good reason to keep ExcludeNodes.

praedor

On Thursday 19 February 2009 07:15:47 Scott Bennett wrote:
>      On Thu, 19 Feb 2009 07:17:04 -0500 Erilenz <erilenz@xxxxxxxxx> wrote:
> >http://blog.internetnews.com/skerner/2009/02/black-hat-hacking-ssl-with-ssl.html
> >
> >There's nothing in there that we didn't already know was possible, and I realise
> >it's not a Tor specific flaw. I just read this paragraph and thought I'd pass it
> >on here:
> >
> >"Marlinspike also claimed that in a limited 24 hour test case running on the
> >anonymous TOR network (and without actually keeping any personally identifiable
> >information) he intercepted 114 yahoo logins â 50 gmail logins, 9 paypal, 9 
> >inkedin and 3 facebook. So apparently the tool works - and works well."
> 
>      Thank you very much for pointing out yet another unscrupulous exit
> operator.  I've just added
> 
> ExcludeExitNodes thoughtcrime,$1E6882D9AB86DA56C48BDE96698B8F8AF81FD707
> 
> to my torrc file.
> >
> >Lots of people simply don't know how to use Tor safely.
> 
>      Very true, but then, lots of people simply don't know how to use the
> Internet safely.  Lots of people don't bother to buy and use a paper shredder
> to dispose of sensitive USnail safely.
> >
> >I wonder if something could/should be built into TorButton to force a list of
> >commonly used services to go entirely over https? Eg any request for
> >^http://mail\.google\.com/.*$
> >
> >Also, how feasible would it be to add a popup which says something along the
> >lines of:
> >
> >"You are about to post unencrypted data over the Tor network. Are you sure you
> >wish to proceed?"
> 
>      It's looks like a good idea, but what about pop-up blockers?  Maybe it
> should be built into browsers, perhaps enabled as a configurable option turned
> on by default.
> 
> 
>                                   Scott Bennett, Comm. ASMELG, CFIAG
> **********************************************************************
> * Internet:       bennett at cs.niu.edu                              *
> *--------------------------------------------------------------------*
> * "A well regulated and disciplined militia, is at all times a good  *
> * objection to the introduction of that bane of all free governments *
> * -- a standing army."                                               *
> *    -- Gov. John Hancock, New York Journal, 28 January 1790         *
> **********************************************************************
> 
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on lapdog.ravenhome.net
> X-Spam-Level: ******
> X-Spam-Status: No, score=6.7 required=8.0 tests=EMPTY_MESSAGE,MISSING_DATE,
> 	MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,
> 	NO_RELAYS,TVD_SPACE_RATIO autolearn=no version=3.2.5
> Learned tokens from 1 message(s) (1 message(s) examined)
> 
> X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on lapdog.ravenhome.net
> X-Spam-Level: ******
> X-Spam-Status: No, score=6.7 required=8.0 tests=EMPTY_MESSAGE,MISSING_DATE,
> 	MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED,
> 	NO_RELAYS,TVD_SPACE_RATIO autolearn=no version=3.2.5
> Learned tokens from 1 message(s) (1 message(s) examined)
> 
> 

-- 
"An imbalance between rich and poor is the oldest and most fatal ailment of all republics."
--Plutarch

Attachment: signature.asc
Description: This is a digitally signed message part.