[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: evil nodes

To: or-talk@xxxxxxxxxxxxx
Subject: Re: evil nodes
From: Chris Palmer <chris@xxxxxxx>
Date: Wed, 1 Jun 2005 16:29:48 -0700
Delivered-to: archiver@seul.org
Delivered-to: or-talk-outgoing@seul.org
Delivered-to: or-talk@seul.org
Delivery-date: Wed, 01 Jun 2005 19:28:02 -0400
In-reply-to: <429E168D.15287.BCB6535@localhost>
References: <429E168D.15287.BCB6535@localhost>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Mutt/1.4.2i

alexyz@xxxxxxxxxx writes:

> Is it possible for an exit node to inject malicious javascript code on
> http requests?

It's possible for any intermediary to modify content in any way. Is your
ISP trustworthy? What about the other 10 ISPs your web requests go
through?

There's no substitute for end-to-end integrity checking, such as that
provided by SSL.

-- 
http://www.eff.org/about/staff/#chris_palmer

Attachment: pgp4pIrCIODQf.pgp
Description: PGP signature

Follow-Ups:
- Re: evil nodes
  - From: alexyz

References:
- evil nodes
  - From: alexyz

Prev by Author: Re: Tor Question
Next by Author: Re: evil nodes
Previous by thread: evil nodes
Next by thread: Re: evil nodes
Index(es):
- Author
- Thread