SSL MITM attack by a Tor exit
Quertyf
quertyf at gmail.com
Sun Sep 6 21:22:04 UTC 2009
Some interesting information about the self signed certificate:
CN: Finjan.com
OU: Vital Security
E: salesis at finjan.com
L: Netanya
ST: Sharon
C: IL
On 9/6/09, Tom Hek <tor at tomhek.nl> wrote:
> Hello everyone,
>
> The Tor exit JustaNode (fingerprint:
> dcc1c3f96b8459dc7a88e711f9cb2416126eb9d6,
> http://torstatus.blutmagie.de/router_detail.php?FP=dcc1c3f96b8459dc7a88e711f9cb2416126eb9d6
> ) does a MITM attack on every SSL connection. The SSL certificate is
> self signed for every SSL'ed website you want to request. I think this
> exit must be marked a BadExit.
>
> - Tom
>
More information about the tor-talk
mailing list