Re: Warning about the TOR exit node "snailitper"



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Hi!
> 
> I connect to safe-mail using secure POP (TLS on port 995), through
> Tor.
> 
> I noticed today that my mail program warned me about an "unknown
> certificate" on safe-mail. I checked and saw that the Tor exit node
> "snailitper" (Thiensville, WI, US, IP Address: 66.191.122.19) tried to
> change the certificate and send me another one.
> 
> The certificate used by snailitper was issued by a "Ciphire mail" on
> Aug 4.
> 
> It seems to be a deliberate attempt to hack the connection as the
> certificate shows:
> 
> Certificate S/N: B843DC85997AFD2CC6B92F5870096997A06024D230F624F4765892DF3C142DA1, algorithm: RSA (1024 bits),
> issued from 19 May 2007 to 19 May 2008, for 1 host(s): mango.Safe-mail.net.
> Owner: mango.Safe-mail.net, Domain Control Validated, mango.Safe-mail.net.
> Issuer: Ciphire, Ciphire, Ciphire Mail.
> 
> The "issued" and "owner" fields leave no doubt that it is a deliberate
> forgery.
> 
> snailitper is now in my nodes blacklist.
> 
> F44


I've learned not to use Tor when connecting to my netbank or doing any
transactions with a credit card. Just in case.

Many times I got false certificates when connecting to
https://www.nordea.fi and https://www.sampo.fi (Finnish banks). Man-in-
the-middle attack, am I right?

Once I saw that my girlfriend approved a false certificate when logging
in to her netbank. I'm glad I was there and told her to log out and
explained the situation. She was using my computer account. I have
created a separate account for her (of course) that does not use Tor.

Btw, IE7 has a new way of warning users about false / self-signed /
expired certificates. I think that this new way is better for end users
than the old pop-up. Many end users just click yes without reading the
question first. Maybe this new way is a little bit harsh for self-signed
certificates?

And yes, I know better than to use IE, but many users still use it because
they don't know better.


M
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFG2R856fSN8IKlpYoRAv6VAKClO41BfIxFw6papf482jm//12pNgCeIgFF
36XOfvTI3spfmUswiCAa+tk=
=OyuC
-----END PGP SIGNATURE-----
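
An added example, not part of either poster's message: a trust-on-first-use pin check for the POP3S endpoint discussed above, which reports a substituted certificate regardless of which issuer signed it. The function names and the pin store layout are assumptions made for this sketch, and the first pin must be recorded over a path you trust.

```python
import hashlib
import hmac
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """SHA-256 over the DER-encoded certificate, as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_der(host: str, port: int = 995, timeout: float = 20.0) -> bytes:
    """Return the server's leaf certificate without CA validation.

    Validation is skipped on purpose: the pin, not the CA store, decides.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def check_pin(pins: dict, host: str, port: int, der: bytes) -> str:
    """Return 'pinned' on first sight, then 'match' or 'MISMATCH'."""
    key = f"{host.lower()}:{port}"
    seen = fingerprint(der)
    known = pins.get(key)
    if known is None:
        pins[key] = seen
        return "pinned"
    # A mismatch never overwrites the stored pin; the user must decide.
    return "match" if hmac.compare_digest(known, seen) else "MISMATCH"


def demo() -> list:
    # Constructed stand-in bytes, not real certificates.
    genuine = b"constructed-DER-genuine"
    substituted = b"constructed-DER-substituted"
    pins = {}
    return [
        check_pin(pins, "mango.Safe-mail.net", 995, genuine),
        check_pin(pins, "mango.safe-mail.net", 995, genuine),
        check_pin(pins, "mango.Safe-mail.net", 995, substituted),
    ]


if __name__ == "__main__":
    print(demo())
```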