How can I trust all my Tor nodes in path

[Mike Perry]

Thus spake Robert Hogan (robert at roberthogan.net):

> On Friday 01 December 2006 20:55, Tim Warren wrote:
> > On 12/1/06, Robert Hogan <robert at roberthogan.net> wrote:
> > > The real danger with Tor is using sensitive information over http rather
> > > than
> > > https and mixing anonymous and non-anonymous traffic over the same
> > > circuit.
> > > Those two are the most common and most easy mistakes to make.
> >
> > Maybe you could answer a question for me. Should I NOT login in to a site,
> > such as a bank, when using Tor? Or do I need to make sure it is https:?
> >
> > Appreciate any clarification.
> >
> > Thanks,
> 
> If you use https (and your browser hasn't complained about the ssl 
> certificate) you're fine.  The exit node can see everything (if they want) 
> over http. 
> 
> Everything after the exit node is just as good or bad as if you weren't using 
> tor. Tor just adds an extra guy to the chain of *reputable* carriers who 
> *could* monitor your traffic - and it is best practice to assume that at 
> least the tor exit node is doing exactly that. see http://tor.unixgu.ru

It is also wise not to log in to any form over plain http, even if the
form posts to an https url. This is true not just over Tor, but pretty
much anywhere an attacker can manage to position themselves to rewrite
your traffic, which is pretty much anywhere.

Many, many, many banking sites completely disregard this attack vector
in favor of ease of use. Even if the target action of a form is https,
if you have retrieved the form via plain http, that post can be
rewritten to go anywhere. An http redirect later and you're logged in
to your banking site, no harm no foul. Except to your account balance,
of course :)

If your bank is braindamaged in this way, usually giving it a bullshit
login until you can verify you are actually connected via https to it
is probably the easiest way to deal with this.

-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs