[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Holy shit I caught 1



Mike Perry wrote:
> I would have bet good money against this, but there actually IS a
> router on the tor network spoofing SSL certs. The router '1'
> (218.58.6.159 - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is
> providing self-signed SSL certs for just about every SSL site you hit
> through it. Nice. Is there a wiki page with bad tor nodes anywhere?
> 
> Let's hear it for paranoia! Hip hip hooray.
> 
> Is anyone else scanning? My list of hits on for this zip is awefully
> small.. It appears we may actually need to scan, folks. 
> 
> An assortment of SSL certs provided by this router is attached in a
> .zip file.
> 
> Go ahead and hit up https://addons.mozilla.org.1.exit with
> socks_remote_dns and only a socks proxy (privoxy breaks the .exit
> notation), and be prepared to shit yourself. Does anyone know if
> firefox verifies cert sigs when downloading extension updates?
> 
> 

So does that mean that if I am trying to access an SSL enabled account
(say gmail or yahoo e-mail), the certificate is a spoofed one being
provided by the rogue tor node and therefore my login name and password
are therefore being provided in cleartext to the node operator?

Thanks.


---
avast! Antivirus: Outbound message clean.
Virus Database (VPS): 0635-1, 08/28/2006
Tested on: 8/30/2006 2:53:28 AM
avast! - copyright (c) 2000-2006 ALWIL Software.
http://www.avast.com