[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Warning about the TOR exit node "snailitper"

To: or-talk@xxxxxxxxxxxxx
Subject: Re: Warning about the TOR exit node "snailitper"
From: M <maillist@xxxxxxxxxxxx>
Date: Sat, 01 Sep 2007 11:13:45 +0300
Delivered-to: archiver@xxxxxxxx
Delivered-to: or-talk-outgoing@xxxxxxxx
Delivered-to: or-talk@xxxxxxxx
Delivery-date: Sat, 01 Sep 2007 04:14:00 -0400
In-reply-to: <N1N-k52z_ixJ57@xxxxxxxxxxxxx>
References: <N1N-k52z_ixJ57@xxxxxxxxxxxxx>
Reply-to: or-talk@xxxxxxxxxxxxx
Sender: owner-or-talk@xxxxxxxxxxxxx
User-agent: Icedove 1.5.0.12 (X11/20070607)

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hi!
> 
> I connect to safe-mail using secure POP (TLS on port 995), through
> Tor.
> 
> I noticed today that my mail program warned me about an "unknown
> certificate" on safe-mail. I checked and saw that the Tor exit node
> "snailitper" (Thiensville, WI, US, IP Address: 66.191.122.19) tried to
> change the certificate and send me another one.
> 
> The certificate used by snailitper was issued by a "Ciphire mail" on
> Aug 4.
> 
> It seems to be a deliberate attempt to hack the connection as the
> certificate shows:
> 
> Certificate S/N: B843DC85997AFD2CC6B92F5870096997A06024D230F624F4765892DF3C142DA1, algorithm: RSA (1024 bits),
> issued from 19 May 2007 to 19 May 2008, for 1 host(s): mango.Safe-mail.net.
> Owner: mango.Safe-mail.net, Domain Control Validated, mango.Safe-mail.net.
> Issuer: Ciphire, Ciphire, Ciphire Mail.
> 
> The "issued" and "owner" fields let no doubt that it is a deliberate
> forgery.
> 
> snailitper is now in my nodes blacklist.
> 
> F44


I've learned not to use Tor when connecting to my netbank or doing any
transactions with credit card. Just in case.

Many times I got false certificates when connecting
https://www.nordea.fi and https://www.sampo.fi (Finnish banks). Man in
the middle attack, am I right?

Once I saw that my girlfriend approved a false certificate when logging
to her netbank, I'm glad I was there and told her to log out and
explained the situation. She was using my computer account. I have
created own account for her (of course) that does not use Tor.

Btw, IE7 has a new way of warning users for false / self-signed /
expired certificates. I think that this new way is better for end users
than the old pop-up. Many end users just click yes without reading the
question first. Maybe this new way is a little bit harsh for self-signed
certificates?

And yes, I know better than to use IE but many users still use it cause
they don't know better.


M
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG2R856fSN8IKlpYoRAv6VAKClO41BfIxFw6papf482jm//12pNgCeIgFF
36XOfvTI3spfmUswiCAa+tk=
=OyuC
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: Warning about the TOR exit node "snailitper"
  - From: coderman

References:
- Warning about the TOR exit node "snailitper"
  - From: force44

Prev by Author: Fwd: Careful, you.re being watched.
Next by Author: Re: Service: Bacula-dir Port: 9101 ?
Previous by thread: Warning about the TOR exit node "snailitper"
Next by thread: Re: Warning about the TOR exit node "snailitper"
Index(es):
- Author
- Thread