[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Warning about the TOR exit node "snailitper"

On 9/1/07, M <maillist@xxxxxxxxxxxx> wrote:
> ...
> Many times I got false certificates when connecting
> https://www.nordea.fi and https://www.sampo.fi (Finnish banks). Man in
> the middle attack, am I right?

very probably.  (this happens from time to time, and is one of the
reasons Snakes on a Tor and other such tools/scanners exist :)

> Once I saw that my girlfriend approved a false certificate when logging
> to her netbank, I'm glad I was there and told her to log out and
> explained the situation.

oops!  usable security is still nearly non existent these days, hard
to fault her too much...

> Btw, IE7 has a new way of warning users for false / self-signed /
> expired certificates. I think that this new way is better for end users
> than the old pop-up. Many end users just click yes without reading the
> question first. Maybe this new way is a little bit harsh for self-signed
> certificates?

it's also hard on certificate revocation lists.  but i digress...

> And yes, I know better than to use IE but many users still use it cause
> they don't know better.

IE should only be used with Tor in a transparent proxy configuration
(like JanusVM).  otherwise, the integration of various non-proxied
services with browser / document handlers in win32 API leaves you
vulnerable to side channels.

this may be elaborated on further in the future...

best regards,