Re: False certificates
Thus spake Roger Dingledine (arma@xxxxxxx):
> On Tue, Nov 28, 2006 at 06:52:29PM -0600, Mike Perry wrote:
> > > bach from Germany : 212.42.236.140
> >
> > Confirmed (I've found an alternate machine to do dev on, so I should
> > be able to continuously scan now). Bach is self-signing certs still,
> > and not just for e-gold. It is also likely the culprit as opposed to
> > an upstream ISP, since the CN name is "bach". Based on this, I'm
> > guessing they're not intending to stop anytime soon.
>
> Yuck. Actually, Peter Palfrader just pointed out that it's probably just
> an iptables screw-up. "bach" is that Tor server's nickname. It looks
> like he's redirecting all outgoing port 443 requests back into his ORPort.
>
> So, yet another instance of a non-malicious attacker. :)
Heheh, I guess this goes in the "never blame conspiracy when you can
blame incompetence" column. Damn, it's so much more exciting to find
malicious nodes ;)
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs