Holy shit I caught 1

Watson Ladd watsonbladd at gmail.com
Wed Aug 30 11:17:47 UTC 2006


Shatadal wrote:
> Mike Perry wrote:
>   
>> I would have bet good money against this, but there actually IS a
>> router on the tor network spoofing SSL certs. The router '1'
>> (218.58.6.159 - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is
>> providing self-signed SSL certs for just about every SSL site you hit
>> through it. Nice. Is there a wiki page with bad tor nodes anywhere?
>>
>> Let's hear it for paranoia! Hip hip hooray.
>>
>> Is anyone else scanning? My list of hits on for this zip is awfully
>> small.. It appears we may actually need to scan, folks. 
>>
>> An assortment of SSL certs provided by this router is attached in a
>> .zip file.
>>
>> Go ahead and hit up https://addons.mozilla.org.1.exit with
>> socks_remote_dns and only a socks proxy (privoxy breaks the .exit
>> notation), and be prepared to shit yourself. Does anyone know if
>> firefox verifies cert sigs when downloading extension updates?
>>
>>
>>     
>
> So does that mean that if I am trying to access an SSL enabled account
> (say gmail or yahoo e-mail), the certificate is a spoofed one being
> provided by the rogue tor node and therefore my login name and password
> are therefore being provided in cleartext to the node operator?
>
> Thanks.
>
>
Not unless you ignore the warning. The certificate hasn't been signed by 
anyone, and so triggers a warning box. Note that some sites use 
self-signed certificates, and so you could be MITM'd without any way to 
check. But if the site normally doesn't have a self-signed certificate, 
don't trust it.

-- 
They who would give up an essential liberty for temporary security,
 deserve neither liberty or security
--Benjamin Franklin
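
An added example, not part of the original message or of any Tor tooling: one way to run the check discussed in this thread, comparing the certificate seen through each exit with a copy fetched over a trusted path and flagging replacements whose issuer equals their subject. The exit names, host name and certificate-shaped byte strings are constructed stand-ins, and holding a trusted reference copy is an assumption.

```python
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                      # long form: low 7 bits = count of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def issuer_and_subject(der):
    """Raw DER of the issuer and subject Names inside tbsCertificate."""
    _, pos, _ = read_tlv(der, 0)           # outer Certificate SEQUENCE
    _, pos, end = read_tlv(der, pos)       # tbsCertificate SEQUENCE
    fields = []
    while pos < end:
        tag, _, nxt = read_tlv(der, pos)
        if tag != 0xA0:                    # skip the optional [0] version field
            fields.append(der[pos:nxt])
        pos = nxt
    return fields[2], fields[4]            # serial, sigAlg, issuer, validity, subject

def classify(reference_der, observed_der):
    """Compare the cert seen through an exit with the trusted reference copy."""
    if hashlib.sha256(observed_der).digest() == hashlib.sha256(reference_der).digest():
        return "match"
    issuer, subject = issuer_and_subject(observed_der)
    # issuer == subject means self-issued; proving self-signed needs a signature check.
    return "mismatch-self-issued" if issuer == subject else "mismatch-other-issuer"

# --- constructed stand-ins below: certificate-shaped DER, not real certificates ---
def tlv(tag, body):
    n = len(body)
    lb = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (bytes([n]) if n < 128 else bytes([0x80 | len(lb)]) + lb) + body

def name(cn):                              # Name holding a single commonName (2.5.4.3)
    return tlv(0x30, tlv(0x31, tlv(0x30, bytes.fromhex("0603550403") + tlv(0x0C, cn.encode()))))

def fake_cert(issuer_cn, subject_cn, key):
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, b"\x01") + tlv(0x30, b"")
              + name(issuer_cn) + tlv(0x30, b"") + name(subject_cn) + tlv(0x30, key))
    return tlv(0x30, tbs + tlv(0x30, b"") + tlv(0x03, b"\x00"))

REFERENCE = fake_cert("Example Root CA", "www.example.test", b"K" * 140)
VIA_EXIT = {                               # hypothetical exit nicknames
    "exitA": REFERENCE,
    "exitB": fake_cert("www.example.test", "www.example.test", b"X" * 140),
    "exitC": fake_cert("Other CA", "www.example.test", b"Y" * 140),
}

def scan():
    return {exit_name: classify(REFERENCE, der) for exit_name, der in VIA_EXIT.items()}
```

A mismatch on its own is only a lead, since a site can legitimately serve more than one certificate; a self-issued replacement for a site whose reference copy is CA-issued is the pattern reported in this thread.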



More information about the tor-talk mailing list