False certificates
Mike Perry
mikepery at fscked.org
Wed Nov 29 01:56:41 UTC 2006

Thus spake Roger Dingledine (arma at mit.edu):
> On Tue, Nov 28, 2006 at 06:52:29PM -0600, Mike Perry wrote:
> > > bach from Germany : 212.42.236.140
> >
> > Confirmed (I've found an alternate machine to do dev on, so I should
> > be able to continuously scan now). Bach is self-signing certs still,
> > and not just for e-gold. It is also likely the culprit as opposed to
> > an upstream ISP, since the CN name is "bach". Based on this, I'm
> > guessing they're not intending to stop anytime soon.
>
> Yuck. Actually, Peter Palfrader just pointed out that it's probably just
> an iptables screw-up. "bach" is that Tor server's nickname. It looks
> like he's redirecting all outgoing port 443 requests back into his ORPort.
>
> So, yet another instance of a non-malicious attacker. :)

Heheh, I guess this goes in the "never blame conspiracy when you can
blame incompetence" column. Damn, it's so much more exciting to find
malicious nodes ;)
--
Mike Perry
Mad Computer Scientist
fscked.org evil labs