[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] SSL Visibility Appliance

To: tor-talk@xxxxxxxxxxxxxxxxxxxx
Subject: Re: [tor-talk] SSL Visibility Appliance
From: Dedalo Galdos <seguridadblanca@xxxxxxxxx>
Date: Wed, 3 Dec 2014 11:04:25 -0500
Delivered-to: archiver@xxxxxxxx
Delivery-date: Wed, 03 Dec 2014 11:04:36 -0500
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=nIS/SpUGN/4AFC4uChmhlpoh5OCGlvmwiCjffpWg8wA=; b=gi6fnuUqNIPYrMyIqYEG0jJMDxpjXscDEtZg4VvzsZN1mlUV5cpngVwQ4oG2Lfuz9D W1fv/CrQ8811ZyhYtVEBhfF/fxqfTfQV2xif/zJhovF1sfE6VdMDqxRO5D1fgiRTsFF3 9sQ3Vl1FTqUhfVjcVRHNXprWOl4VNvgTkFRGF03o+oLA1qeI5MEme0D9tN30bChpRbVv lcO2zZ37B4EiwT7p7lxZr5k7xTE7UaiRbCM6nW48E1ZWLCdY9i+WgNn8mA7uFsQNgTrm GudmcUHKgN9SNqDXviwPD+81xSDMKuD7jEqczWMMuSfjUkewRLqDEyuSasXp3iIQDpPr iXeg==
In-reply-to: <CAJJJ=-wsvvzjUV0D_Td1tgJ-3gwsb9M7XR_Qoag9+edmtkBGhg@xxxxxxxxxxxxxx>
List-archive: <http://lists.torproject.org/pipermail/tor-talk/>
List-help: <mailto:tor-talk-request@lists.torproject.org?subject=help>
List-id: "all discussion about theory, design, and development of Onion Routing" <tor-talk.lists.torproject.org>
List-post: <mailto:tor-talk@lists.torproject.org>
List-subscribe: <https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=subscribe>
List-unsubscribe: <https://lists.torproject.org/cgi-bin/mailman/options/tor-talk>, <mailto:tor-talk-request@lists.torproject.org?subject=unsubscribe>
References: <CAMCUc++ub8fF6tRp5tFJ+CEBMJNe17v93VNz-3=hOOV7PZTAxA@xxxxxxxxxxxxxx> <CAJJJ=-wsvvzjUV0D_Td1tgJ-3gwsb9M7XR_Qoag9+edmtkBGhg@xxxxxxxxxxxxxx>
Reply-to: tor-talk@xxxxxxxxxxxxxxxxxxxx
Sender: "tor-talk" <tor-talk-bounces@xxxxxxxxxxxxxxxxxxxx>

Thanks for the answer, I was a little amazed by the demo videos.


Regards,
Dedalo.

2014-12-03 10:50 GMT-05:00 Akademika Aka <akademiker1@xxxxxxxxxxxxxx>:

> You need to install the sniffers CA certificate to allow them to break your
> TLS connections or you need to hack a trusted CA to create some wildcard
> ones (Comodo incident). Some software like Chrome also uses cert pinning,
> so only a hardcoded cert is allowed. Afaik Tor uses hardcoded certs for the
> dir authority and relay certs are signed by dir authority, so this
> technology wouldn't be able to sniff Tor traffic, even if you voluntarly
> install their CA on your machine.
> On Dec 3, 2014 3:55 PM, "Dedalo Galdos" <seguridadblanca@xxxxxxxxx> wrote:
>
> > Last saturday during my Tor Talk in a Security Barcamp someone asked me
> > about this technology which I really don't have much information so I
> want
> > to share the link in case someone in here has any experience with this. I
> > heard some ISPs are using this in some countries to break into people's
> ssl
> > connections.
> >
> > https://www.bluecoat.com/products/ssl-visibility-appliance
> >
> >
> > Regards,
> > Dedalo.
> >
> > --
> > Scripter, Pentester N' Independent Security Researcher.
> >
> > Blog: Seguridad Blanca <http://blog.dedalo.in>
> > Twitter: @SeguridadBlanca <http://www.twitter.com/SeguridadBlanca>
> > --
> > tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> > To unsubscribe or change other settings go to
> > https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
> >
> --
> tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
> To unsubscribe or change other settings go to
> https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
>



-- 
Scripter, Pentester N' Independent Security Researcher.

Blog: Seguridad Blanca <http://blog.dedalo.in>
Twitter: @SeguridadBlanca <http://www.twitter.com/SeguridadBlanca>
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk

References:
- [tor-talk] SSL Visibility Appliance
  - From: Dedalo Galdos
- Re: [tor-talk] SSL Visibility Appliance
  - From: Akademika Aka

Prev by Author: [tor-talk] SSL Visibility Appliance
Next by Author: Re: [tor-talk] My relay isn't being listed in Atlas or Globe?
Previous by thread: Re: [tor-talk] SSL Visibility Appliance
Next by thread: [tor-talk] Blockchain.info Tor Hidden Service + Signed Certificate
Index(es):
- Author
- Thread