Perfect MITM attack with valid SSL Certs
Roc Admin
onionroutor at gmail.com
Tue Dec 23 16:47:44 UTC 2008
http://blog.startcom.org/?p=145
Slashdot and others are reporting on this story about how it was possible
for a person to receive a completely valid certificate for a random domain
of his choosing without any questions or verification. In this case he
generated a certificate for mozilla.com from a reseller of the Comodo
certificate authority. I'm hoping this is just a single instance but it
makes you remember that the browser pre-trusted certificate authorities
really needs to be cleaned up.
If it's not obvious enough, this is not good for Tor users due to the fact
that we try to rely on SSL certificates to make sure that traffic isn't
sniffed while using Tor.
-Roc Tor Admin
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20081223/9355d23a/attachment.htm>
More information about the tor-talk
mailing list