Another good reason to keep ExcludeNodes. praedor On Thursday 19 February 2009 07:15:47 Scott Bennett wrote: > On Thu, 19 Feb 2009 07:17:04 -0500 Erilenz <erilenz@xxxxxxxxx> wrote: > >http://blog.internetnews.com/skerner/2009/02/black-hat-hacking-ssl-with-ssl.html > > > >There's nothing in there that we didn't already know was possible, and I realise > >it's not a Tor specific flaw. I just read this paragraph and thought I'd pass it > >on here: > > > >"Marlinspike also claimed that in a limited 24 hour test case running on the > >anonymous TOR network (and without actually keeping any personally identifiable > >information) he intercepted 114 yahoo logins â 50 gmail logins, 9 paypal, 9 > >inkedin and 3 facebook. So apparently the tool works - and works well." > > Thank you very much for pointing out yet another unscrupulous exit > operator. I've just added > > ExcludeExitNodes thoughtcrime,$1E6882D9AB86DA56C48BDE96698B8F8AF81FD707 > > to my torrc file. > > > >Lots of people simply don't know how to use Tor safely. > > Very true, but then, lots of people simply don't know how to use the > Internet safely. Lots of people don't bother to buy and use a paper shredder > to dispose of sensitive USnail safely. > > > >I wonder if something could/should be built into TorButton to force a list of > >commonly used services to go entirely over https? Eg any request for > >^http://mail\.google\.com/.*$ > > > >Also, how feasible would it be to add a popup which says something along the > >lines of: > > > >"You are about to post unencrypted data over the Tor network. Are you sure you > >wish to proceed?" > > It's looks like a good idea, but what about pop-up blockers? Maybe it > should be built into browsers, perhaps enabled as a configurable option turned > on by default. > > > Scott Bennett, Comm. ASMELG, CFIAG > ********************************************************************** > * Internet: bennett at cs.niu.edu * > *--------------------------------------------------------------------* > * "A well regulated and disciplined militia, is at all times a good * > * objection to the introduction of that bane of all free governments * > * -- a standing army." * > * -- Gov. John Hancock, New York Journal, 28 January 1790 * > ********************************************************************** > > X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on lapdog.ravenhome.net > X-Spam-Level: ****** > X-Spam-Status: No, score=6.7 required=8.0 tests=EMPTY_MESSAGE,MISSING_DATE, > MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED, > NO_RELAYS,TVD_SPACE_RATIO autolearn=no version=3.2.5 > Learned tokens from 1 message(s) (1 message(s) examined) > > X-Spam-Checker-Version: SpamAssassin 3.2.5 (2008-06-10) on lapdog.ravenhome.net > X-Spam-Level: ****** > X-Spam-Status: No, score=6.7 required=8.0 tests=EMPTY_MESSAGE,MISSING_DATE, > MISSING_HEADERS,MISSING_MID,MISSING_SUBJECT,NO_HEADERS_MESSAGE,NO_RECEIVED, > NO_RELAYS,TVD_SPACE_RATIO autolearn=no version=3.2.5 > Learned tokens from 1 message(s) (1 message(s) examined) > > -- "An imbalance between rich and poor is the oldest and most fatal ailment of all republics." --Plutarch
Attachment:
signature.asc
Description: This is a digitally signed message part.