[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

[tor-relays] unflagged BAD EXIT nodes

To: tor-relays@xxxxxxxxxxxxxxxxxxxx
Subject: [tor-relays] unflagged BAD EXIT nodes
From: starlight.2015q2@xxxxxxxxxxx
Date: Thu, 02 Jul 2015 22:22:21 -0400
Delivered-to: archiver@xxxxxxxx
Delivery-date: Thu, 02 Jul 2015 23:03:29 -0400
List-archive: <http://lists.torproject.org/pipermail/tor-relays/>
List-help: <mailto:tor-relays-request@lists.torproject.org?subject=help>
List-id: "support and questions about running Tor relays \(exit, non-exit, bridge\)" <tor-relays.lists.torproject.org>
List-post: <mailto:tor-relays@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-relays>, <mailto:tor-relays-request@lists.torproject.org?subject=unsubscribe>
Reply-to: tor-relays@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-relays" <tor-relays-bounces@xxxxxxxxxxxxxxxxxxxx>

Could someone comment on why 15 exit nodes
discovered to be sniffing and abusing login
credentials have not been marked with the
BAD EXIT flag?

The research appears to be legitimate, involved
a good deal of effort, and seems credible:

https://chloe.re/2015/06/20/a-month-with-badonions/

was blogged by Sophos, also credible

https://nakedsecurity.sophos.com/2015/06/25/can-you-trust-tors-exit-nodes/

Is there an issue of trust w/r/t this
security researcher?  An issue of methodology
and/or reproducibility?  A shortage of
resources to follow up?  An investigation
attempting to identify the operators?

The researcher writes that they received a
polite reply from and was summarily ignored
with no further comment.  AND the exits
continue to steal and abuse credentials.
If true this would be contrary to the
inclusiveness generally exhibited by
the Tor Project.

IMO a likely password-stealing exit should be
marked-first, questions asked later.  If
some kind of mix-up or mistake has occurred,
a good operator should readily be able to
defend themselves and not feel ruffled
for it.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

Follow-Ups:
- Re: [tor-relays] unflagged BAD EXIT nodes
  - From: starlight . 2015q2

Prev by Author: Re: [tor-relays] More consensus weight problems
Next by Author: Re: [tor-relays] unflagged BAD EXIT nodes
Previous by thread: Re: [tor-relays] More consensus weight problems
Next by thread: Re: [tor-relays] unflagged BAD EXIT nodes
Index(es):
- Author
- Thread