Re: SSL MITM attack by a Tor exit
Hi, > Some interesting information about the self signed certificate: > > CN: Finjan.com Could be that provider of this exit point uses some network appliance. Some special firewall with antivirus, etc. protection, so called UTM (Unified Threat Management) device, which does traffic interception only to check for viruses or malicious code. Net neutrality ftw!! :-)) bye, M.
Re: Please Help Me Test my Hidden Service Pt. 2
It's running Qemu on an Ubuntu 9.04 server. Ringo 7v5w7go9ub0o wrote: > Ringo wrote: >> Hey Torizens, >> >> I've set up another hidden service to test my virtual machine setup. My >> new address is http://3rrf4fqicqwl7amf.onion and you can access drupal >> (and create content) at http://3rrf4fqicqwl7amf.onion. > > Which VM software are you using? on what kind of host? > >
Re: SSL MITM attack by a Tor exit
Some interesting information about the self signed certificate: CN: Finjan.com OU: Vital Security E: sale...@finjan.com L: Netanya ST: Sharon C: IL On 9/6/09, Tom Hek wrote: > Hello everyone, > > The Tor exit JustaNode (fingerprint: > dcc1c3f96b8459dc7a88e711f9cb2416126eb9d6, > http://torstatus.blutmagie.de/router_detail.php?FP=dcc1c3f96b8459dc7a88e711f9cb2416126eb9d6 > ) does a MITM attack on every SSL connection. The SSL certificate is > self signed for every SSL'ed website you want to request. I think this > exit must be marked a BadExit. > > - Tom >
SSL MITM attack by a Tor exit
Hello everyone, The Tor exit JustaNode (fingerprint: dcc1c3f96b8459dc7a88e711f9cb2416126eb9d6, http://torstatus.blutmagie.de/router_detail.php?FP=dcc1c3f96b8459dc7a88e711f9cb2416126eb9d6 ) does a MITM attack on every SSL connection. The SSL certificate is self signed for every SSL'ed website you want to request. I think this exit must be marked a BadExit. - Tom
