Hopefully the people using Tor would be "clued in" enough to check their certs. <shrug>

Arrakistor wrote:
> Amazing(ly bad). Perhaps we need some sort of monster programs
> stalking through the system to check for things like this.
>
> What I would like to know is how long the router on the node has been
> spoofing the certs. Did this only come after we discussed the
> possibility? If not, how fast can we fix this? Further, what else
> aren't we thinking about?
>
> Regards,
> Arrakistor
>
> Sunday, August 27, 2006, 8:24:06 PM, you wrote:
>
>> I would have bet good money against this, but there actually IS a
>> router on the tor network spoofing SSL certs. The router '1'
>> (218.58.6.159 - $BB688E312A9F2AFFFC6A619F365BE372695CA626) is
>> providing self-signed SSL certs for just about every SSL site you hit
>> through it. Nice. Is there a wiki page with bad tor nodes anywhere?
>
>> Let's hear it for paranoia! Hip hip hooray.
>
>> Is anyone else scanning? My list of hits on for this zip is awfully
>> small.. It appears we may actually need to scan, folks.
>
>> An assortment of SSL certs provided by this router is attached in a
>> .zip file.
>
>> Go ahead and hit up https://addons.mozilla.org.1.exit with
>> socks_remote_dns and only a socks proxy (privoxy breaks the .exit
>> notation), and be prepared to shit yourself. Does anyone know if
>> firefox verifies cert sigs when downloading extension updates?
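
One way to turn the scanning idea in this thread into a check, as an added example that is not code from the thread or from the Tor project: compare the certificate each exit presents for a host against what the majority of exits see, and flag only exits that serve a different certificate which also fails chain validation. The exit names, hosts, fingerprints and the `suspect_exits` helper are constructed for illustration; collecting the observations is assumed to happen elsewhere.

```python
from collections import Counter, defaultdict

# Constructed sample observations, not real scan data:
# (exit nickname, host, cert SHA-256 prefix, chain validated against trust store?)
OBSERVATIONS = [
    ("exitA", "shop.example", "aa11", True),
    ("exitB", "shop.example", "aa11", True),
    ("exitC", "shop.example", "ee99", False),   # different cert, untrusted
    ("exitA", "mail.example", "bb22", True),
    ("exitB", "mail.example", "bb22", True),
    ("exitC", "mail.example", "ff88", False),   # different cert, untrusted
    # Site that really uses a self-signed cert: every exit sees the same one.
    ("exitA", "selfsigned.example", "cc33", False),
    ("exitB", "selfsigned.example", "cc33", False),
    ("exitC", "selfsigned.example", "cc33", False),
    # Load-balanced site with two valid certs: mismatch, but the chain is fine.
    ("exitA", "cdn.example", "dd44", True),
    ("exitB", "cdn.example", "dd44", True),
    ("exitC", "cdn.example", "dd55", True),
]

def suspect_exits(observations, min_exits=3, min_hosts=2):
    """Return {exit: [hosts]} for exits that serve an untrusted certificate
    differing from the majority view on at least min_hosts hosts."""
    by_host = defaultdict(dict)
    for exit_name, host, fp, chain_ok in observations:
        by_host[host][exit_name] = (fp, chain_ok)

    hits = defaultdict(list)
    for host, seen in by_host.items():
        if len(seen) < min_exits:
            continue  # too few vantage points to form a baseline
        counts = Counter(fp for fp, _ in seen.values())
        majority_fp, votes = counts.most_common(1)[0]
        if votes * 2 <= len(seen):
            continue  # no strict majority, so no baseline for this host
        for exit_name, (fp, chain_ok) in seen.items():
            # A mismatch alone is weak evidence (CDNs rotate certs); an
            # untrusted cert alone may be the site's own. Require both.
            if fp != majority_fp and not chain_ok:
                hits[exit_name].append(host)
    return {e: sorted(h) for e, h in hits.items() if len(h) >= min_hosts}

if __name__ == "__main__":
    print(suspect_exits(OBSERVATIONS))
```
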