At first, the local interceptor can extract the private authentication key from a heartbleeded guard. Then it can emulate a connection to the IP of this guard (a substituted, faked, MiTM-ed version of the guard) for the targeted users.
Something like this can be done at any part of the Tor network for MiTMing and stripping connections between heartbleeded Tor nodes, to extract parts of the information about routed circuits.

On Fri, 11 Apr 2014 18:28:36 -0400 Roger Dingledine <[email protected]> wrote:
> For example, I think the SSL spec says that you shouldn't be able to ask
> for a heartbeat until the SSL handshake is finished, but I think OpenSSL
> lets you ask for a heartbeat during the SSL handshake. If so, that means
> any local network mitm attacker, not just your entry guard, can intercept
> your outgoing TCP connection and ask you for some heartbeats.
>
> --Roger
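The point Roger raises, that a heartbeat should not be accepted before the handshake has finished, is something a network monitor can check for directly. The following is an added example, not code from this thread or from Tor: it splits one direction of a raw TLS byte stream into records and reports any heartbeat record (content type 24) that appears before that side's ChangeCipherSpec. The sample flow at the bottom is constructed inline for illustration.

```python
import struct
from typing import List, Tuple

# TLS record content types (RFC 5246 section 6.2.1, RFC 6520 section 6)
TLS_CHANGE_CIPHER_SPEC = 20
TLS_HANDSHAKE = 22
TLS_HEARTBEAT = 24


def parse_records(stream: bytes) -> List[Tuple[int, bytes]]:
    """Split a raw TLS byte stream into (content_type, fragment) records.

    Each record has a 5-byte header: type(1), version(2), length(2).
    A truncated trailing record is dropped rather than guessed at.
    """
    records = []
    off = 0
    while off + 5 <= len(stream):
        ctype, _version, length = struct.unpack("!BHH", stream[off:off + 5])
        frag = stream[off + 5:off + 5 + length]
        if len(frag) < length:
            break
        records.append((ctype, frag))
        off += 5 + length
    return records


def heartbeats_before_handshake(stream: bytes) -> List[int]:
    """Return indices of heartbeat records seen before ChangeCipherSpec.

    RFC 6520 says heartbeat requests should not be sent during the
    handshake, so a heartbeat this early is the behaviour the thread
    describes and is worth alerting on.
    """
    flagged = []
    handshake_done = False
    for idx, (ctype, _frag) in enumerate(parse_records(stream)):
        if ctype == TLS_CHANGE_CIPHER_SPEC:
            handshake_done = True
        elif ctype == TLS_HEARTBEAT and not handshake_done:
            flagged.append(idx)
    return flagged


def _record(ctype: int, frag: bytes) -> bytes:
    return struct.pack("!BHH", ctype, 0x0301, len(frag)) + frag


# Constructed sample flow: handshake, a heartbeat sent too early,
# ChangeCipherSpec, Finished, then a legitimate post-handshake heartbeat.
SAMPLE_FLOW = (
    _record(TLS_HANDSHAKE, b"\x01" + b"\x00" * 40)
    + _record(TLS_HEARTBEAT, b"\x01\x00\x04ping" + b"\x00" * 16)
    + _record(TLS_CHANGE_CIPHER_SPEC, b"\x01")
    + _record(TLS_HANDSHAKE, b"\x14" + b"\x00" * 12)
    + _record(TLS_HEARTBEAT, b"\x01\x00\x04ping" + b"\x00" * 16)
)
```

Only record index 1 is reported for the sample flow; the heartbeat after ChangeCipherSpec is treated as normal.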
