* Robert Hogan schrieb am 2008-03-16 um 21:25 Uhr: > 3. Tor Connectivity Test Image > > <IMG src="http://torproject.org/[uniquesessionid]-torlogo.jpg"; alt="If you I woould suggest using HTTPS here. Assuming Alice has a misconfigured Tor-Software and mallory wants to trick her. He can set up a DNS wildcard and redirect the traffic from point 1 to his servers. They send the appropriate image. He redirects http://www.torproject.org/[uniquesessionid].jpg to the appropriate image and does this also with the above image. So Alice sees a website which basically tells her that everything is fine. When the last point uses HTTPS, Mallory can use some MITM, but normally Alices browser should tell her that something isn't going well here. Besten Gruß -- Jens Kubieziel http://www.kubieziel.de FdI#212: Qualifizierter Support Ein Schuldiger kann benannt werden. (Martin Schmitt)
Attachment:
signature.asc
Description: Digital signature