
Warning about the TOR exit node "snailitper"



Hi!

I connect to safe-mail using secure POP (TLS on port 995), through
Tor.

I noticed today that my mail program warned me about an "unknown
certificate" on safe-mail. I checked and saw that the Tor exit node
"snailitper" (Thiensville, WI, US, IP Address: 66.191.122.19) tried to
change the certificate and send me another one.

The certificate used by snailitper was issued by a "Ciphire mail" on
Aug 4.

It seems to be a deliberate attempt to hack the connection as the
certificate shows:

Certificate S/N: B843DC85997AFD2CC6B92F5870096997A06024D230F624F4765892DF3C142DA1, algorithm: RSA (1024 bits),
issued from 19 May 2007 to 19 May 2008, for 1 host(s): mango.Safe-mail.net.
Owner: mango.Safe-mail.net, Domain Control Validated, mango.Safe-mail.net.
Issuer: Ciphire, Ciphire, Ciphire Mail.

The "issued" and "owner" fields leave no doubt that it is a deliberate
forgery.

snailitper is now in my node blacklist.

F44
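
As an added example (not part of the original message), the following Python code shows certificate pinning, a check that flags a substituted certificate like the one reported above even when the replacement chains to a CA the mail client trusts. The host name `pop.example.net` and the certificate bytes are constructed placeholders, not values from the message.

```python
import hashlib
import ssl

# Constructed stand-ins for DER certificate bytes (not real certificates).
GENUINE_DER = b"constructed: certificate the mail server normally presents"
SUBSTITUTED_DER = b"constructed: certificate injected on the network path"


def fingerprint(pem: str) -> str:
    """SHA-256 over the DER encoding of a PEM certificate, lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(pem)).hexdigest()


def normalize(pin: str) -> str:
    """Accept 'AA:BB:..', 'aa bb ..' or plain hex; reject anything else."""
    cleaned = pin.replace(":", "").replace(" ", "").lower()
    if len(cleaned) != 64 or any(c not in "0123456789abcdef" for c in cleaned):
        raise ValueError("pin is not a SHA-256 fingerprint")
    return cleaned


def check_pin(host: str, pem: str, pins: dict) -> tuple:
    """Return (ok, observed_fingerprint). Fails closed if the host has no pin."""
    observed = fingerprint(pem)
    allowed = {normalize(p) for p in pins.get(host.lower(), [])}
    return observed in allowed, observed


# Pin recorded over a trusted path (hypothetical host name).
PINS = {"pop.example.net": [hashlib.sha256(GENUINE_DER).hexdigest().upper()]}


def demo() -> list:
    results = []
    for label, der in (("genuine", GENUINE_DER), ("substituted", SUBSTITUTED_DER)):
        pem = ssl.DER_cert_to_PEM_cert(der)
        ok, observed = check_pin("pop.example.net", pem, PINS)
        verdict = "match" if ok else "MISMATCH: abort before sending credentials"
        print(f"{label}: {verdict} ({observed[:16]}...)")
        results.append((label, ok))
    return results


if __name__ == "__main__":
    demo()
```

In a live check the PEM would come from the TLS handshake on port 995, for example from `ssl.get_server_certificate((host, 995))`, and a mismatch should stop the session before the POP password is sent.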