
Re: SSL question (Problem?)



I'm not saying that this was the issue, but a possibility is that one of the new "hacking" tools called sslstrip could have been used to move your connection from encrypted to plain text. One of the features of this tool is that it replaces your favicon with whatever the attacker wishes.

See the Avoiding HTTPS Pitfalls or Moxie Marlinspike related threads for more discussion.

ROC Tor Admin

On Mon, Mar 9, 2009 at 3:15 AM, <force44@xxxxxxxxxxxxx> wrote:
I was connected to a secure website using Tor and saw that the Firefox certificate icon was broken, a message saying that some elements are not going to SSL.

That looked strange, as the site is a bank and I was checking my account. I looked at the Vidalia panel and hadn't the time to see the exit node, I could just see "Sofia BG" as the circuit closed at this time :(

I immediately logged out, and logged in again without Tor, changed all my access codes.

In direct connection, no problem with the SSL icon.

Logged out and connected again through Tor 3 times, changing exit node every time, no more SSL icon problem.

What can have happened exactly? I think that if the exit node changed the initial bank certificate for HIS certificate, I should receive a warning by the browser, no? Anyway that couldn't probably explain the fact that the SSL icon was broken.
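
A defender-side check for the two symptoms mentioned in this thread (links moved from HTTPS to plain HTTP, and a swapped favicon), as an added example that is not part of the original messages: it compares a copy of a page fetched over a trusted path with the copy seen through the suspect path, and separates the site's own mixed content from links that were rewritten in transit. The HTML samples, host names and function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

URL_ATTRS = ("href", "src", "action")

class _UrlCollector(HTMLParser):
    """Collect every URL-bearing attribute value, and favicon links separately."""
    def __init__(self):
        super().__init__()
        self.urls, self.favicons = [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        rel = (a.get("rel") or "").lower().split()
        for name in URL_ATTRS:
            if a.get(name):
                self.urls.append(a[name])
                if tag == "link" and "icon" in rel:
                    self.favicons.append(a[name])

def collect(html):
    parser = _UrlCollector()
    parser.feed(html)
    return parser

def compare(trusted_html, observed_html):
    """Report https URLs that appear only as http in the observed copy."""
    trusted, observed = collect(trusted_html), collect(observed_html)
    downgraded = set()
    for url in trusted.urls:
        parts = urlsplit(url)
        if parts.scheme != "https" or url in observed.urls:
            continue
        if parts._replace(scheme="http").geturl() in observed.urls:
            downgraded.add(url)
    # http sub-resources present in BOTH copies are the site's own mixed content
    site_mixed = {u for u in trusted.urls
                  if urlsplit(u).scheme == "http" and u in observed.urls}
    return {"downgraded": sorted(downgraded),
            "site_mixed": sorted(site_mixed),
            "favicon_changed": trusted.favicons != observed.favicons}

# Constructed sample pages (not captured traffic).
TRUSTED_HTML = ('<link rel="shortcut icon" href="/favicon.ico">'
                '<form action="https://bank.example/login"></form>'
                '<a href="https://bank.example/help">Help</a>'
                '<img src="http://cdn.example/logo.png">')
OBSERVED_HTML = (TRUSTED_HTML
                 .replace("https://bank.example/login", "http://bank.example/login")
                 .replace("/favicon.ico", "/lock.ico"))
```

A non-empty `downgraded` list means the observed copy was altered on the way; a page that only shows entries under `site_mixed` triggers the browser's broken-lock warning on any path.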