[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Warning about the TOR exit node "snailitper"

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Warning about the TOR exit node "snailitper"
From: coderman <coderman@xxxxxxxxx>
Date: Sat, 1 Sep 2007 01:45:45 -0700
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 01 Sep 2007 04:45:54 -0400
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=A2er9I8d4/jM+xRho0q21O8JCxEKadwULvIwUnQUylN3gKOhQUbb3t4B6NX71RWV27EsbDbuT+bef3IDdbGfP+HRO3SAOPJ6BT5/fFwKsXHmZJeiZOk+LguRGuknn+WLbanPH3g9chhLRpN2HOm/7xnPA37f1M/4iVkGh8YDmgc=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UqMY1xR/HuO2kNGLg1z6uVCKkytf/J5f7Sx9tpZ3ZFZ+irZqzI1u2qeu3eE331e0/2WAFIKBF85mZmdnGlKZ5GTJuliq8H32I++QH/xVL3cLKI6+1RXGWlFpMXxVFQF9cZcJAzjTo50ykv4uzZZ15+8QHEG4CGssJA0cGATd284=
In-reply-to: <46D91F39.2070701@xxxxxxxxxxxx>
References: <N1N-k52z_ixJ57@xxxxxxxxxxxxx> <46D91F39.2070701@xxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On 9/1/07, M <maillist@xxxxxxxxxxxx> wrote:
> ...
> Many times I got false certificates when connecting
> https://www.nordea.fi and https://www.sampo.fi (Finnish banks). Man in
> the middle attack, am I right?

very probably.  (this happens from time to time, and is one of the
reasons Snakes on a Tor and other such tools/scanners exist :)

> Once I saw that my girlfriend approved a false certificate when logging
> to her netbank, I'm glad I was there and told her to log out and
> explained the situation.

oops!  usable security is still nearly non existent these days, hard
to fault her too much...

> Btw, IE7 has a new way of warning users for false / self-signed /
> expired certificates. I think that this new way is better for end users
> than the old pop-up. Many end users just click yes without reading the
> question first. Maybe this new way is a little bit harsh for self-signed
> certificates?

it's also hard on certificate revocation lists.  but i digress...

> And yes, I know better than to use IE but many users still use it cause
> they don't know better.

IE should only be used with Tor in a transparent proxy configuration
(like JanusVM).  otherwise, the integration of various non-proxied
services with browser / document handlers in win32 API leaves you
vulnerable to side channels.

this may be elaborated on further in the future...

best regards,

References:
- Warning about the TOR exit node "snailitper"
  - From: force44
- Re: Warning about the TOR exit node "snailitper"
  - From: M

Prev by Author: Re: [Full-disclosure] Firefox 2.0.x: tracking unsuspecting users using TLS client certificates
Next by Author: Re: Directory server errors: can't connect
Previous by thread: Re: Warning about the TOR exit node "snailitper"
Next by thread: Want a faster Tor? Upgrade, inform others
Index(es):
- Author
- Thread