[tor-bugs] #7430 [Tor Check]: Easy MITM against check.tpo (not SSL-related)

Tor Bug Tracker & Wiki blackhole at torproject.org
Sun Nov 11 07:30:39 UTC 2012


#7430: Easy MITM against check.tpo (not SSL-related)
-------------------------+--------------------------------------------------
 Reporter:  cypherpunks  |          Owner:     
     Type:  defect       |         Status:  new
 Priority:  major        |      Milestone:     
Component:  Tor Check    |        Version:     
 Keywords:               |         Parent:     
   Points:               |   Actualpoints:     
-------------------------+--------------------------------------------------

Comment(by arma):

 Yes, I think you're right that this attack would work fine.

 I'm not too worried though, because using an external website (with its
 various false positives and false negatives) is silly from within TBB
 anyway: Tor Browser Button can check whether it's configured correctly,
 full stop.

 So the check website is already more like a homepage for TBB users than an
 actual "are you using Tor correctly" page.

 There are a bunch of tickets around here for "stop hitting check.tp.o on
 startup" and the like.

-- 
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7430#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online

