Warning about the TOR exit node "snailitper"
coderman
coderman at gmail.com
Sat Sep 1 08:45:45 UTC 2007
On 9/1/07, M <maillist at piirakka.com> wrote:
> ...
> Many times I got false certificates when connecting
> https://www.nordea.fi and https://www.sampo.fi (Finnish banks). Man in
> the middle attack, am I right?
very probably. (this happens from time to time, and is one of the
reasons Snakes on a Tor and other such tools/scanners exist :)
> Once I saw that my girlfriend approved a false certificate when logging
> to her netbank, I'm glad I was there and told her to log out and
> explained the situation.
oops! usable security is still nearly non existent these days, hard
to fault her too much...
> Btw, IE7 has a new way of warning users for false / self-signed /
> expired certificates. I think that this new way is better for end users
> than the old pop-up. Many end users just click yes without reading the
> question first. Maybe this new way is a little bit harsh for self-signed
> certificates?
it's also hard on certificate revocation lists. but i digress...
> And yes, I know better than to use IE but many users still use it cause
> they don't know better.
IE should only be used with Tor in a transparent proxy configuration
(like JanusVM). otherwise, the integration of various non-proxied
services with browser / document handlers in win32 API leaves you
vulnerable to side channels.
this may be elaborated on further in the future...
best regards,
More information about the tor-talk
mailing list