[Cryptography] MITM attacks on Tor exit nodes
Zooko Wilcox-OHearn
zooko at leastauthority.com
Mon Jun 8 17:05:34 EDT 2015
On Mon, Jun 8, 2015 at 5:28 PM, Henry Baker <hbaker1 at pipeline.com> wrote:
> I noticed my first MITM attack on a Tor circuit today, thanks to the recent upgrades of Tor & Firefox.
>
> Basically, https://www.wired.com complained that the TLS had been "downgraded" to an obsolete cipher. After asking Tor to establish a new Tor circuit for this site, the "problem" went away -- because the intermediate & exit nodes were different (and presumably un-MITM'd).
>
> Chinese? FBI? Bueller? Anyone?

You might like this new tool Honey Badger by David Stainton:

https://github.com/david415/HoneyBadger/blob/master/README.rst

"HoneyBadger is primarily a comprehensive TCP stream analysis tool for
detecting and recording TCP attacks. Perhaps it can assist in
discovering 0-days and botnets."

(Note: David is my employee at LeastAuthority.com, but Honey Badger is
not a LeastAuthority thing — it is David's 20% project.)

Regards,

Zooko