Holy shit I caught 1

Mike Perry mikepery at fscked.org
Mon Aug 28 01:24:06 UTC 2006

I would have bet good money against this, but there actually IS a
router on the tor network spoofing SSL certs. The router '1'
( - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is
providing self-signed SSL certs for just about every SSL site you hit
through it. Nice. Is there a wiki page with bad tor nodes anywhere?

Let's hear it for paranoia! Hip hip hooray.

Is anyone else scanning? My list of hits on for this zip is awefully
small.. It appears we may actually need to scan, folks. 

An assortment of SSL certs provided by this router is attached in a
.zip file.

Go ahead and hit up https://addons.mozilla.org.1.exit with
socks_remote_dns and only a socks proxy (privoxy breaks the .exit
notation), and be prepared to shit yourself. Does anyone know if
firefox verifies cert sigs when downloading extension updates?

Mike Perry
Mad Computer Scientist
fscked.org evil labs
-------------- next part --------------
A non-text attachment was scrubbed...
Name: The1.zip
Type: application/zip
Size: 7235 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20060827/e734de2c/attachment.zip>

More information about the tor-talk mailing list