
Re: False certificates



Thus spake Roger Dingledine (arma@xxxxxxx):

> On Tue, Nov 28, 2006 at 06:52:29PM -0600, Mike Perry wrote:
> > > bach from Germany : 212.42.236.140
> > 
> > Confirmed (I've found an alternate machine to do dev on, so I should
> > be able to continuously scan now). Bach is self-signing certs still,
> > and not just for e-gold.  It is also likely the culprit as opposed to
> > an upstream ISP, since the CN name is "bach".  Based on this, I'm
> > guessing they're not intending to stop anytime soon.
> 
> Yuck. Actually, Peter Palfrader just pointed out that it's probably just
> an iptables screw-up. "bach" is that Tor server's nickname. It looks
> like he's redirecting all outgoing port 443 requests back into his ORPort.
> 
> So, yet another instance of a non-malicious attacker. :)

Heheh, I guess this goes in the "never blame conspiracy when you can
blame incompetence" column. Damn, it's so much more exciting to find
malicious nodes ;)

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs
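
The diagnosis in this thread (a self-signed certificate whose CN equals the exit's own nickname, served for more than one destination) can be turned into a triage rule for exit-scan results. The following is an added example, not part of the original message or of any Tor scanner; the record layout, verdict names and sample probes are assumptions constructed for illustration.

```python
from collections import defaultdict, namedtuple

# One row per HTTPS probe made through an exit relay (hypothetical layout).
# chain_ok: did the certificate validate for `host` against the scanner's
# trust store? subject_cn / issuer_cn: fields of the certificate received.
Probe = namedtuple("Probe", "exit host chain_ok subject_cn issuer_cn")

# Constructed sample data, not real scan output.
SAMPLE_SCAN = [
    Probe("bach",   "site-a.example", False, "bach",           "bach"),
    Probe("bach",   "site-b.example", False, "bach",           "bach"),
    Probe("relayx", "site-a.example", False, "site-a.example", "site-a.example"),
    Probe("relayx", "site-b.example", True,  "site-b.example", "Example CA"),
    Probe("relayy", "site-a.example", True,  "site-a.example", "Example CA"),
]


def triage(scan):
    """Return {exit nickname: verdict} for a list of Probe rows."""
    by_exit = defaultdict(list)
    for probe in scan:
        by_exit[probe.exit].append(probe)

    verdicts = {}
    for nick, probes in by_exit.items():
        failed = [p for p in probes if not p.chain_ok]
        if not failed:
            verdicts[nick] = "clean"
            continue
        # Signature from the thread: the bad certificate is self-signed
        # (approximated here as subject CN == issuer CN) and its CN is the
        # relay's own nickname, which suggests port 443 traffic is landing
        # on the relay's ORPort rather than on the destination.
        own_cert = all(
            p.subject_cn == p.issuer_cn and p.subject_cn.lower() == nick.lower()
            for p in failed
        )
        # "Not just for e-gold": require the pattern on several destinations.
        distinct_hosts = {p.host for p in failed}
        if own_cert and len(distinct_hosts) >= 2:
            verdicts[nick] = "likely-self-redirect"
        else:
            verdicts[nick] = "needs-investigation"
    return verdicts


if __name__ == "__main__":
    for nick, verdict in sorted(triage(SAMPLE_SCAN).items()):
        print(nick, verdict)
```

Either non-clean verdict still means users of that exit receive certificates that fail validation; the rule only separates the misconfiguration pattern from cases that need a closer look.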