[tor-talk] Tor spying
Indie Intel
d577ac28 at yahoo.com
Thu Sep 8 02:21:21 UTC 2011
Hello tor-talk mailing list,
Today I was reading Dan Kaminsky's blog and I noticed a mention of Tor:
``Moxie Marlinspike, probably the smartest guy in the world right now on SSL issues, did a study a few years ago on how many Tor users — not even regular users, but Tor users, clearly concerned about their privacy and possessed with some advanced level of expertise -- would notice SSL being disabled and refuse to browse their desired content.
Moxie didn’t find a single user who resisted disabled security. His tool, sslsniff, worked against 100% of the sample set.''
http://dankaminsky.com/2011/08/31/notnotar/
I did a Google search and found two articles mentioning this:
http://www.forbes.com/2009/02/18/black-hat-hackers-technology-security_0218_blackhat.html
http://www.theregister.co.uk/2009/02/19/ssl_busting_demo/page2.html
Apparently people are spying on Tor users by setting up their own exit nodes and sniffing traffic?!
This Moxie Marlinspike is even a well-respected researcher, apparently. He gives talks at Blackhat to government hacker wannabes. But stealing email passwords and credit card information? How is this legal in the US?
The more I research this, the more it seems this sort of ``research'' is more common than not. Wikileaks, Jacob Appelbaum, Adrian Lamo, Moxie Marlinspike... who else? Iran?!
The Tor Project needs to shed some light on this or it will have a serious problem with people wanting to use Tor at all...
More information about the tor-talk
mailing list