[tor-talk] SIGAINT email service targeted by 70 bad exit nodes

Aymeric Vitte vitteaymeric at gmail.com
Thu Apr 23 11:02:14 UTC 2015



Le 23/04/2015 06:08, Roger Dingledine a écrit :
>> >I know we could SSL sigaint.org, but if it is a state-actor they could just
>> >use one of their CAs and mill a key.
> This is not great logic. You're running a website without SSL, even though
> you know people are attacking you? Shouldn't your users be hassling you
> to give them better options?:)
>
> As you say, SSL is not perfect, but it does raise the bar a lot. That
> seems like the obvious next step for making your website safer for
> your users.
>
Yes, you should use SSL/TLS and you and/or your users run the very 
excellent "interception detector" http://www.ianonym.com/intercept.html

Of course to be maximally efficient the tool should be installed on your 
site and it should be modified not to change the proxy settings (and 
then be compatible with the Tor browser, which unfortunately is 
currently not the case), because if the mitm is not stupid it can see 
that the destination IP in the socks message does not match your domain.

It can be tried with the secret "abcd" (abcd.sigaint.org)

-- 
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms



More information about the tor-talk mailing list