[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Banners injected in web pages at exit nodes TRHCourtney*

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Banners injected in web pages at exit nodes TRHCourtney*
From: Freemor <freemor@xxxxxxxxx>
Date: Tue, 2 Jun 2009 08:52:10 -0300
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Tue, 02 Jun 2009 08:00:11 -0400
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:received:received:date:from:to:subject :message-id:in-reply-to:references:x-mailer:face:mime-version :content-type; bh=QFBabJi+kKDkDhAC+bjyn2+njYk4Un61aRjnX3f2w1Y=; b=E2v3cOJ92NDCpJ1lkESvOqiq1aHHmuR0QabZgMXz7yusJ6Iwfq1vi/OOD1a0OWCoEs BkdKs7dIog6EB78j3mprZfDtz4KyyggTfT+9J5vt7OzydZZjztt7h9VfEnZdepCOUZLv 1yEkOn5rW6MJbQnlwmouuS6KMbUpgJ7Sn8/+8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=date:from:to:subject:message-id:in-reply-to:references:x-mailer :face:mime-version:content-type; b=PZWNwQcTk8PrCLJOQxRYikQduuEwHIcdvlc4d99A7vO515/qZGfJ99GwRgQHN/6CNW swxV4HcAqOo6VsZi3xPm2/NcWrxKXHjX/1S03bTPdci6JtjazrHdtUwn2KUgQKxtXGYu fqNgpsaJfMb9+RbV/2cDU1kB9IIFV5UlCNcr4=
Face: iVBORw0KGgoAAAANSUhEUgAAADAAAAAwBAMAAAClLOS0AAAAFVBMVEXn2K356bi4xY5EMR+GuGqSkWzK+eFKflhGAAABqElEQVQ4jY3SzW7bMAwAYEqbexZToGdXiXseyvg+LG7Pjg32nGSr3v8RSlLyT4NmKAEDBr+QtKjA6ymlhp5SSlFehlTiHzx9DQnS/+Cd0i24WfGqr3epmgEKvKV0AkQfp7QDqTGozygRLB9WcMEcXvIIAFigdwWCVq4BJwB9ZhgfF3BaUODCeAWuwLACWMNxBV7xK4Bwo8JAQiHNHwU1TGHgtqTzw0jUL/CQTu7oSc5+37sQJzgLnDGddIdhEwFDyO1QdzCM9AzgWVrxUMYobIbLD2Lmu7RtmeNSgfxOkmne/gr3PoOts2F65hwDQD/DBmLkx4eGo+YlfIwZXGyiO1dNjDWC93HXdQbVMUgGsRlq2YmmZ5Csm5ZleYNgUG43+G4GqDRZRbuuUtDZkiu7WrBmYOlDZ1/XLHeOudNhX8AF+XQ5MYaYO5EepmY+5j+TzN5NUEst86/PnXT4n58KrZMmjUyvrkD/o9oq8Ay/M7S5U9VeV5AdYjPSArsMNl6udg0vCjIet7SCTqAVIPm1xDJDHquY4lvQrYH2stoJRvocGQ57uo69wAeDBdMp0Qij8AAAAABJRU5ErkJggg==
In-reply-to: <20090602112258.C864914085B6@xxxxxxxxxxxxxx>
References: <20090602112258.C864914085B6@xxxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx

On Tue, 02 Jun 2009 14:52:18 +0400
"Alexander Cherepanov" <cherepan@xxxxxxxx> wrote:

> Hello!
> 
> Just stumbled upon a banner injected in html at tor exit node.
> Nodes in question:
> 
Thanks for the heads up.. I wasn't getting the injected banners on the
link you provided but when I tried:

https://torcheck.xenobite.eu.trhcourtney01.exit/

I got an invalid certificate error.. Definitely man-in-the-middle stuff
going on here.. Certificate I received for the above belonged to:

Issued to
Common Name (CN) 		*.krauscomputer.de
Organization (O)		Manuel Kraus
Organizational Unit (OU)	StartCom Verified Certificate Member
Serial Number			00:de

Issued By
Common Name (CN)		StartCom Class 2 Primary Intermediate
Server CA
Organization (O)		StartCom Ltd.
Organizational Unit (OU)	Secure Digital Certificate Signing

Validity
Issued On 			08-06-25
Expires On			09-06-25

SHA1 Fingerprint
6a:cd:f2:9d:32:4d:c8:c6:af:d9:27:42:09:e2:62:57:49:c8:d0:1e
MD5 Fingerprint
B1:11:1f:5e:f8:47:38:d4:08:06:28:66:db:91:cf:7f

Needless to say this is not the correct certificate.
This is a very unfriendly exit node.

-- 
freemor@xxxxxxxxx
freemor@xxxxxxxx

This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )

Attachment: signature.asc
Description: PGP signature

Follow-Ups:
- Re: Banners injected in web pages at exit nodes TRHCourtney*
  - From: Alexander Cherepanov

References:
- Banners injected in web pages at exit nodes TRHCourtney*
  - From: Alexander Cherepanov

Prev by Author: Re: Lynx leaks DNS
Next by Author: Re: Banners injected in web pages at exit nodes TRHCourtney*
Previous by thread: Banners injected in web pages at exit nodes TRHCourtney*
Next by thread: Re: Banners injected in web pages at exit nodes TRHCourtney*
Index(es):
- Author
- Thread