[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Malicious Exit Nodes?
Thus spake Hideki Saito (hidekis@xxxxxxxxx):
> If it is AIM, you can type "1" when that message appears to force
> logoff people in other connection.
That may solve the problem of stolen messages after you log back in,
but what about while you are offline.
Is this "keeping a connection open" actually a property of Tor? Or is
it some bug? Or do we actually have rogue exit nodes operating here?
Should I make some effort to make a list of exits this happens for?
> 2005/8/4, Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx>:
> > Mike,
> > Yep, it happens quite frequently to me. I haven't been able to investigate
> > yet so I don't IM thru tor right now :-(
> > but remember that if someone wanted to they can steal your creds on their
> > exit node.
> > Cheers,
> > Harry
> > On Thu, 4 Aug 2005, Mike Perry wrote:
> > > Is anyone else experiencing issues with remaining logged on to AIM
> > > (specifically gaim) after signing off when using Tor? For some reason
> > > even after explicitly going to signoff, my screenname remains online
> > > and I lose IMs. When I go to sign on again I get the annoying "Your
> > > AIM account is being used in another location", sometimes even hours
> > > later.
> > >
> > > I don't really know the AIM protocol, but doesn't it log you out
> > > automatically normally as soon as the TCP connection dies? Perhaps Tor
> > > isn't properly terminating randomly dropped circuits? But what about
> > > when I deliberately go to signoff?
> > >
> > > This is obviously distressing, because what is to stop someone from
> > > say, intercepting and then dropping my logoff at an exit server and
> > > then keeping the connection alive to recieve copies of my IMs..
> > >
> > > --
> > > Mike Perry
> > > Mad Computer Scientist
> > > fscked.org evil labs
> > >
> Hideki Saito mailto: hidekis@xxxxxxxxx
Mad Computer Scientist
fscked.org evil labs