Mike Perry wrote: > I would have bet good money against this, but there actually IS a > router on the tor network spoofing SSL certs. The router '1' > (218.58.6.159 - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is > providing self-signed SSL certs for just about every SSL site you hit > through it. Nice. Is there a wiki page with bad tor nodes anywhere? > > Let's hear it for paranoia! Hip hip hooray. > > Is anyone else scanning? My list of hits on for this zip is awefully > small.. It appears we may actually need to scan, folks. > > An assortment of SSL certs provided by this router is attached in a > .zip file. > > Go ahead and hit up https://addons.mozilla.org.1.exit with > socks_remote_dns and only a socks proxy (privoxy breaks the .exit > notation), and be prepared to shit yourself. Does anyone know if > firefox verifies cert sigs when downloading extension updates? > >
So does that mean that if I am trying to access an SSL enabled account (say gmail or yahoo e-mail), the certificate is a spoofed one being provided by the rogue tor node and therefore my login name and password are therefore being provided in cleartext to the node operator? Thanks. --- avast! Antivirus: Outbound message clean. Virus Database (VPS): 0635-1, 08/28/2006 Tested on: 8/30/2006 2:53:28 AM avast! - copyright (c) 2000-2006 ALWIL Software. http://www.avast.com
