#7430: Easy MITM against check.tpo (not SSL-related)
-------------------------+--------------------------------------------------
Reporter: cypherpunks | Owner:
Type: defect | Status: new
Priority: major | Milestone:
Component: Tor Check | Version:
Keywords: | Parent:
Points: | Actualpoints:
-------------------------+--------------------------------------------------
Comment(by arma):
Yes, I think you're right that this attack would work fine.
I'm not too worried though, because using an external website (with its
various false positives and false negatives) is silly from within TBB
anyway: Tor Browser Button can check whether it's configured correctly,
full stop.
So the check website is already more like a homepage for TBB users than an
actual "are you using Tor correctly" page.
There are a bunch of tickets around here for "stop hitting check.tp.o on
startup" and the like.
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/7430#comment:1>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
[email protected]
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs
