[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Holy shit I caught 1
- To: Mike Perry <or-talk@xxxxxxxxxxxxx>
- Subject: Re: Holy shit I caught 1
- From: Arrakistor <arrakistor@xxxxxxxxx>
- Date: Sun, 27 Aug 2006 20:56:49 -0500
- Delivered-to: email@example.com
- Delivered-to: firstname.lastname@example.org
- Delivered-to: email@example.com
- Delivery-date: Sun, 27 Aug 2006 21:53:01 -0400
- Domainkey-signature: a=rsa-sha1; q=dns; c=nofws; s=beta; d=gmail.com; h=received:date:from:x-mailer:reply-to:organization:x-priority:message-id:to:subject:in-reply-to:references:mime-version:content-type:content-transfer-encoding; b=A8mWomuPaoo2SzEmogpUgDOkejvgOsk3S0wcNOrSO0t7+/Mk6pwIaCezYnF8qYkLK6kP7u+ST8V155qEhfOLkgldZdznhWmyKyNTQd5+TjWHy9YxRAT9jcLIGR3jVdAM0RG0ontf+anGfeCuRl0dJxPpVFI4Ziexbnux8R4Lx7w=
- In-reply-to: <20060828012406.GG23188@fscked.org>
- Organization: Torpark
- References: <20060828012406.GG23188@fscked.org>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
Amazing(ly bad). Perhaps we need some sort of monster programs
stalking through the system to check for things like this.
What I would like to know is how long the router on the node has been
spoofing the certs. Did this only come after we discussed the
possibility? If not, how fast can we fix this? Further, what else
aren't we thinking about?
Sunday, August 27, 2006, 8:24:06 PM, you wrote:
> I would have bet good money against this, but there actually IS a
> router on the tor network spoofing SSL certs. The router '1'
> (188.8.131.52 - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is
> providing self-signed SSL certs for just about every SSL site you hit
> through it. Nice. Is there a wiki page with bad tor nodes anywhere?
> Let's hear it for paranoia! Hip hip hooray.
> Is anyone else scanning? My list of hits on for this zip is awefully
> small.. It appears we may actually need to scan, folks.
> An assortment of SSL certs provided by this router is attached in a
> .zip file.
> Go ahead and hit up https://addons.mozilla.org.1.exit with
> socks_remote_dns and only a socks proxy (privoxy breaks the .exit
> notation), and be prepared to shit yourself. Does anyone know if
> firefox verifies cert sigs when downloading extension updates?