On 08/09/11 03:21, Indie Intel wrote:
> The more I research this, the more it seems this sort of
> ``research'' is more common than not. Wikileaks, Jacob Appelbaum,
> Adrian Lamo, Moxie Marlinspike... who else? Iran?!

You become good at implementing security by understanding how to break it. Sometimes the world won't take a threat seriously without a live demonstration.

Sslstrip has been made available publicly as proof that the attack is real and actually quite simple. It should also be clear that it's not specific to Tor; any proxy could do it, including the "transparent" proxies that many ISPs force traffic through.

The solution is simply "pay attention". If privacy is important to you (because e.g. you're sending credit card data) then don't rely on technology alone to protect you. Check that you're actually connected to the site you expect. Consider not using Tor for the transaction (if you don't actually need anonymity). Don't proceed if you're unsure. You wouldn't give card details over the phone unless you were damn sure you were talking to the right person, and it should be exactly the same online. Don't take anything for granted!

Julian
_______________________________________________
tor-talk mailing list
tor-talk@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk