Holy shit I caught 1
Andrew Del Vecchio
firefox-gen at walala.org
Mon Aug 28 01:41:03 UTC 2006
This is a disturbing development have you an idea for a patch?
Mike Perry wrote:
> I would have bet good money against this, but there actually IS a
> router on the tor network spoofing SSL certs. The router '1'
> (218.58.6.159 - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is
> providing self-signed SSL certs for just about every SSL site you hit
> through it. Nice. Is there a wiki page with bad tor nodes anywhere?
>
> Let's hear it for paranoia! Hip hip hooray.
>
> Is anyone else scanning? My list of hits on for this zip is awefully
> small.. It appears we may actually need to scan, folks.
>
> An assortment of SSL certs provided by this router is attached in a
> .zip file.
>
> Go ahead and hit up https://addons.mozilla.org.1.exit with
> socks_remote_dns and only a socks proxy (privoxy breaks the .exit
> notation), and be prepared to shit yourself. Does anyone know if
> firefox verifies cert sigs when downloading extension updates?
>
>
>
More information about the tor-talk
mailing list