
Re: [tor-relays] Blog: How Malicious Tor Relays are Exploiting Users in 2020 (Part I)



This may be true, but I think you underestimate how few sites are on the HSTS preload list or are enforced by SSL Everywhere.

Ultimately, unless the first site you load in a browsing session is HTTPS or unless you end up at an HSTS preload-enforced site, sslstrip can just keep taking the "s" part out of the link you're about to click. And, as we've seen here, even sites that redirect HTTP to HTTPS and various other best practices can fall victim.

To the average user, there is little feedback that the site they're on is properly secured using HSTS preload, and many sites forget to enroll themselves in the preload list.

For reference, the first two "probably kinda try to be secure for their users" sites I tried were not on the list: wellsfargo.com and bankofamerica.com.

Matt

On 8/13/20 5:19 AM, Michael Gerstacker wrote:
    https://medium.com/@nusenu/how-malicious-tor-relays-are-exploiting-users-in-2020-part-i-1097575c0cac


So in other words, when the destination website does not really care about their users' safety and the user sends unencrypted exit traffic through Tor, then an exit relay operator could do the same as your internet provider (spying/changing your traffic).
Properly setting MyFamily does not help in this case.

That's nothing new.

The only news is that it is getting exploited on a big scale now.

_______________________________________________
tor-relays mailing list
tor-relays@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-relays

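
Added example, not part of the messages above: a small Python check that sorts a site's `Strict-Transport-Security` header value into the three situations discussed in the thread (no HSTS, HSTS that only helps after a first clean HTTPS visit, and a header that meets the preload submission requirements). The function names and sample header values are constructed for illustration; the one-year minimum `max-age` is the hstspreload.org submission requirement, and a qualifying header does not by itself mean the site is on the list.

```python
# Added example: classify Strict-Transport-Security header values by how much
# protection they give against HTTPS-stripping on the first visit.
import re

PRELOAD_MIN_MAX_AGE = 31536000  # one year, the hstspreload.org submission minimum


def parse_hsts(value):
    """Parse a header value per RFC 6797; return a dict of directives, or None if invalid."""
    directives = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the RFC 6797 grammar allows empty directives
        name, _, arg = part.partition("=")
        name = name.strip().lower()  # directive names are case-insensitive
        arg = arg.strip().strip('"')  # max-age may be given as a quoted-string
        if name in directives:
            return None  # a repeated directive makes the whole header invalid
        directives[name] = arg
    if not re.fullmatch(r"\d+", directives.get("max-age", "")):
        return None  # max-age is required and must be a non-negative integer
    return directives


def classify(value):
    """Return 'none', 'after-first-visit' or 'preload-eligible' for a header value."""
    d = parse_hsts(value) if value else None
    if d is None or int(d["max-age"]) == 0:
        return "none"  # browser keeps no HSTS state; http:// links stay strippable
    if (int(d["max-age"]) >= PRELOAD_MIN_MAX_AGE
            and "includesubdomains" in d and "preload" in d):
        return "preload-eligible"  # header qualifies; listing still needs submission
    return "after-first-visit"  # protected only once a clean HTTPS response was seen


# Constructed sample header values (not captured from any real site).
SAMPLES = {
    "no header": None,
    "short max-age": "max-age=300",
    "typical": "max-age=31536000; includeSubDomains",
    "preload-ready": 'max-age="63072000"; includeSubDomains; preload',
    "duplicate directive": "max-age=31536000; max-age=0",
    "expired": "max-age=0; includeSubDomains; preload",
}

if __name__ == "__main__":
    for label, header in SAMPLES.items():
        print(f"{label:20} -> {classify(header)}")
```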