Banners injected in web pages at exit nodes TRHCourtney*
Freemor
freemor at gmail.com
Tue Jun 2 11:52:10 UTC 2009
On Tue, 02 Jun 2009 14:52:18 +0400
"Alexander Cherepanov" <cherepan at mccme.ru> wrote:
> Hello!
>
> Just stumbled upon a banner injected in html at tor exit node.
> Nodes in question:
>
Thanks for the heads up.. I wasn't getting the injected banners on the
link you provided but when I tried:
https://torcheck.xenobite.eu.trhcourtney01.exit/
I got an invalid certificate error.. Definitely man-in-the-middle stuff
going on here.. Certificate I received for the above belonged to:
Issued to
Common Name (CN) *.krauscomputer.de
Organization (O) Manuel Kraus
Organizational Unit (OU) StartCom Verified Certificate Member
Serial Number 00:de
Issued By
Common Name (CN) StartCom Class 2 Primary Intermediate
Server CA
Organization (O) StartCom Ltd.
Organizational Unit (OU) Secure Digital Certificate Signing
Validity
Issued On 08-06-25
Expires On 09-06-25
SHA1 Fingerprint
6a:cd:f2:9d:32:4d:c8:c6:af:d9:27:42:09:e2:62:57:49:c8:d0:1e
MD5 Fingerprint
B1:11:1f:5e:f8:47:38:d4:08:06:28:66:db:91:cf:7f
Needless to say this is not the correct certificate.
This is a very unfriendly exit node.
--
freemor at gmail.com
freemor at yahoo.ca
This e-mail has been digitally signed with GnuPG - ( http://gnupg.org/ )
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20090602/cb35fbbc/attachment.pgp>
More information about the tor-talk
mailing list