-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Also note that browsing with Firefox using the NoScript http://noscript.net/ extension renders this attack and most others useless, since that java applet never gets executed.
Michael_google gmail_Gersten wrote: > Well, first, this is just the normal exit node exposure of tor. > > The exit node in your circuit gets to see the raw communication > between you and your destination. If you are using an SSL channel > (SSH, https, etc) then nothing is a problem. Otherwise, the exit node > can do things like spy on usernames and passwords, etc. > > There are already sites that modify the HTML of web pages going > through them -- I've had scripts munged on some sites, for example -- > and this is just another case of that. > > Now, I believe tor allows you do exclude nodes from ever being used as > exit nodes. > > On 3/6/07, Fergie <[EMAIL PROTECTED]> wrote: >> Hmmm. >> >> http://blogs.zdnet.com/security/?p=114 >> >> Comments? >> >> >> -- >> "Fergie", a.k.a. Paul Ferguson >> Engineering Architecture for the Internet >> fergdawg(at)netzero.net >> ferg's tech blog: http://fergdawg.blogspot.com/ >> >> > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (MingW32) iQIVAwUBRe5T4KYAM/AiUno8AQKfoA//ZCEtnh7VsfiuaZFXCbQ89u0Jyqqo2WKy JXp2xt2PVYDSFnVuMdu7fIPjtlujG1nVNZOlGo/rffXmJDYU0+enwARNtkif9aKr cspnqRKVToL8hvPLOgGjeTnxFNcXXAXJGzKwQyP4I0x2S8fsKGpE0dRUeFSKwcz4 78e44jd9K6gq6wFGDR7mtZf9xTvwb2O5k4ltass0D3qzQBIm/+tvkGyLDTkZ9gBo /3VN56iax6xD+/lFK7uRL5BaJ5UriX4RwvsHB+CZYLv+hYo2VRdNTV3Y6gAj2E6i Fs1sPwRFprHqJhBpb7ggLvdNGCeaFmzDUI7Zwg6OVjxpPfCW1kd/mdulMIoTwAvx pPdbyuTfQ9uBAuqLLh4sV2GyXFmIyLDSEaTpCyCGJEiZ8J40d5AdoffPL7PK4FXe Edg0OLHmG3qnKS/DrmE/R9KrqAynb+IUb3f3IcEe/fBT72Y36Ugbw0hMhc5YUcYY u/gTeAYgLQpveWGof7w8DA8Y3er5j/rNJ0CKMb5JPfaj7eArxbN5YWQDZabYP2T8 rtbTo9kml2g8LltbzmH5wlrpVqt7n3+u49aq+2/Y5X1nc3D/JZEQ0S40aNTotr+V XWE0mBHORC9JF8ugcJiejI9p8x7sSryY3fNk9Ub6cpbvRaKDL0GCD1o5glIGliML y/Z5eYky5aU= =Pei3 -----END PGP SIGNATURE-----
