[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: Warning about the TOR exit node "snailitper"
- To: or-talk@xxxxxxxxxxxxx
- Subject: Re: Warning about the TOR exit node "snailitper"
- From: coderman <coderman@xxxxxxxxx>
- Date: Sat, 1 Sep 2007 01:45:45 -0700
- Delivered-to: archiver@xxxxxxxx
- Delivered-to: or-talk-outgoing@xxxxxxxx
- Delivered-to: or-talk@xxxxxxxx
- Delivery-date: Sat, 01 Sep 2007 04:45:54 -0400
- Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=A2er9I8d4/jM+xRho0q21O8JCxEKadwULvIwUnQUylN3gKOhQUbb3t4B6NX71RWV27EsbDbuT+bef3IDdbGfP+HRO3SAOPJ6BT5/fFwKsXHmZJeiZOk+LguRGuknn+WLbanPH3g9chhLRpN2HOm/7xnPA37f1M/4iVkGh8YDmgc=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:content-disposition:references; b=UqMY1xR/HuO2kNGLg1z6uVCKkytf/J5f7Sx9tpZ3ZFZ+irZqzI1u2qeu3eE331e0/2WAFIKBF85mZmdnGlKZ5GTJuliq8H32I++QH/xVL3cLKI6+1RXGWlFpMXxVFQF9cZcJAzjTo50ykv4uzZZ15+8QHEG4CGssJA0cGATd284=
- In-reply-to: <46D91F39.2070701@xxxxxxxxxxxx>
- References: <N1N-k52z_ixJ57@xxxxxxxxxxxxx> <46D91F39.2070701@xxxxxxxxxxxx>
- Reply-to: or-talk@xxxxxxxxxxxxx
- Sender: owner-or-talk@xxxxxxxxxxxxx
On 9/1/07, M <maillist@xxxxxxxxxxxx> wrote:
> Many times I got false certificates when connecting
> https://www.nordea.fi and https://www.sampo.fi (Finnish banks). Man in
> the middle attack, am I right?
very probably. (this happens from time to time, and is one of the
reasons Snakes on a Tor and other such tools/scanners exist :)
> Once I saw that my girlfriend approved a false certificate when logging
> to her netbank, I'm glad I was there and told her to log out and
> explained the situation.
oops! usable security is still nearly non existent these days, hard
to fault her too much...
> Btw, IE7 has a new way of warning users for false / self-signed /
> expired certificates. I think that this new way is better for end users
> than the old pop-up. Many end users just click yes without reading the
> question first. Maybe this new way is a little bit harsh for self-signed
it's also hard on certificate revocation lists. but i digress...
> And yes, I know better than to use IE but many users still use it cause
> they don't know better.
IE should only be used with Tor in a transparent proxy configuration
(like JanusVM). otherwise, the integration of various non-proxied
services with browser / document handlers in win32 API leaves you
vulnerable to side channels.
this may be elaborated on further in the future...