[tor-talk] MITM attack on TLS

Ivan Markin twim at riseup.net
Fri Nov 20 22:33:59 UTC 2015


Justin Davis:
> Just to give more information, the
> attack will be done by having every network user install a root cert
> in our browsers.

Be twice (or more) careful if someone have access to your computer in
such way. They can even dump _anything_ that you're looking via Tor. For
instance, they can sniff SOCKS5 TBB<->tor connection.

In other case just delete malicious CA certs (if you have these
permissions).
-- 
Ivan Markin

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20151120/082e1eba/attachment.sig>


More information about the tor-talk mailing list