[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: SSL MITM attack by a Tor exit

Some interesting information about the self signed certificate:

CN: Finjan.com
OU: Vital Security
E: salesis@xxxxxxxxxx
L: Netanya
ST: Sharon

On 9/6/09, Tom Hek <tor@xxxxxxxxx> wrote:
> Hello everyone,
> The Tor exit JustaNode (fingerprint:
> dcc1c3f96b8459dc7a88e711f9cb2416126eb9d6,
> http://torstatus.blutmagie.de/router_detail.php?FP=dcc1c3f96b8459dc7a88e711f9cb2416126eb9d6
> ) does a MITM attack on every SSL connection. The SSL certificate is
> self signed for every SSL'ed website you want to request. I think this
> exit must be marked a BadExit.
> - Tom