Re: Holy shit I caught 1

[Harry Hoffman <hhoffman@xxxxxxxxxxxxxxxx>]

Hopefully the people using Tor would be "clued in" enough to check their
certs. <shrug>



Arrakistor wrote:
> Amazing(ly bad). Perhaps we need some sort of monster programs
> stalking through the system to check for things like this.
> 
> What I would like to know is how long the router on the node has been
> spoofing the certs. Did this only come after we discussed the
> possibility? If not, how fast can we fix this? Further, what else
> aren't we thinking about?
> 
> Regards,
>  Arrakistor
> 
> Sunday, August 27, 2006, 8:24:06 PM, you wrote:
> 
>> I would have bet good money against this, but there actually IS a
>> router on the tor network spoofing SSL certs. The router '1'
>> (218.58.6.159 - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is
>> providing self-signed SSL certs for just about every SSL site you hit
>> through it. Nice. Is there a wiki page with bad tor nodes anywhere?
> 
>> Let's hear it for paranoia! Hip hip hooray.
> 
>> Is anyone else scanning? My list of hits on for this zip is awefully
>> small.. It appears we may actually need to scan, folks. 
> 
>> An assortment of SSL certs provided by this router is attached in a
>> .zip file.
> 
>> Go ahead and hit up https://addons.mozilla.org.1.exit with
>> socks_remote_dns and only a socks proxy (privoxy breaks the .exit
>> notation), and be prepared to shit yourself. Does anyone know if
>> firefox verifies cert sigs when downloading extension updates?
> 
> 
>