[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] detecting harmful relays

On Wed, Jun 01, 2011 at 05:31:41AM +0000, kraktus@xxxxxxxxxxxxxx wrote 1.9K bytes in 45 lines about:
: A few weeks ago, there was one that tried to give me a .bin file
: whenever I tried to visit a non-SSL website, but I haven't had a
: problem like that since. I always rejected the .bin file.

I don't think this is a malicious relay, as I get these from time to
time as well.  It only happens with firefox and only when going through
really busy exit relays.  I think it's firefox misinterpreting a partial
stream of data as a binary file.  

It happened to me yesterday when going to the wsj.com site, part of the
article and image were sent to my browser, according to firebug, but
firefox prompted for a bin file.  It wasn't until I killed the circuit
that the problem went away.  My exit node at the time was PPrivCom034.

A malicious relay could do elicit the same behavior, but at least for
the past few instances of this bin file for me, firebug is showing it's
an incomplete data stream confusing firefox.

pgp key: 0x74ED336B
tor-talk mailing list