
Re: Warning about the TOR exit node "snailitper"

> Hi!
> I connect to safe-mail using secure POP (TLS on port 995), through
> Tor.
> I noticed today that my mail program warned me about an "unknown
> certificate" on safe-mail. I checked and saw that the Tor exit node
> "snailitper" (Thiensville, WI, US, IP Address: tried to
> change the certificate and send me another one.
> The certificate used by snailitper was issued by a "Ciphire mail" on
> Aug 4.
> It seems to be a deliberate attempt to hack the connection as the
> certificate shows:
> Certificate S/N: B843DC85997AFD2CC6B92F5870096997A06024D230F624F4765892DF3C142DA1, algorithm: RSA (1024 bits),
> issued from 19 May 2007 to 19 May 2008, for 1 host(s): mango.Safe-mail.net.
> Owner: mango.Safe-mail.net, Domain Control Validated, mango.Safe-mail.net.
> Issuer: Ciphire, Ciphire, Ciphire Mail.
> The "issued" and "owner" fields leave no doubt that it is a deliberate
> forgery.
> snailitper is now in my nodes blacklist.
> F44

I've learned not to use Tor when connecting to my netbank or doing any
transactions with credit card. Just in case.

Many times I got false certificates when connecting to
https://www.nordea.fi and https://www.sampo.fi (Finnish banks). Man in
the middle attack, am I right?

Once I saw that my girlfriend approved a false certificate when logging
in to her netbank. I'm glad I was there and told her to log out and
explained the situation. She was using my computer account. I have
created her own account (of course) that does not use Tor.

Btw, IE7 has a new way of warning users about false / self-signed /
expired certificates. I think that this new way is better for end users
than the old pop-up. Many end users just click yes without reading the
question first. Maybe this new way is a little bit harsh for self-signed

And yes, I know better than to use IE but many users still use it because
they don't know better.
