[tor-relays] unflagged BAD EXIT nodes

starlight.2015q2 at binnacle.cx
Fri Jul 3 02:22:21 UTC 2015


Could someone comment on why 15 exit nodes
discovered to be sniffing and abusing login
credentials have not been marked with the
BAD EXIT flag?

The research appears to be legitimate, involved
a good deal of effort, and seems credible:

https://chloe.re/2015/06/20/a-month-with-badonions/

was blogged by Sophos, also credible

https://nakedsecurity.sophos.com/2015/06/25/can-you-trust-tors-exit-nodes/

Is there an issue of trust w/r/t this
security researcher?  An issue of methodology
and/or reproducibility?  A shortage of
resources to follow up?  An investigation
attempting to identify the operators?

The researcher writes that they received a
polite reply from and was summarily ignored
with no further comment.  AND the exits
continue to steal and abuse credentials.
If true this would be contrary to the
inclusiveness generally exhibited by
the Tor Project.

IMO a likely password-stealing exit should be
marked-first, questions asked later.  If
some kind of mix-up or mistake has occurred,
a good operator should readily be able to
defend themselves and not feel ruffled
for it.


