is that the hack was tested by acting as a node in the Tor network. Isn't it ironic?
As an experiment, Marlinspike placed his proxy software on a node in the Tor network and intercepted 200 requests for SSL encrypted pages over 20 hours, including 114 Yahoo! credentials, 50 Gmail credentials and 16 credit-card numbers. None of the users refused to enter their sensitive information into the unencrypted page, he said.
Man-in-the-middle attack sidesteps SSL
A man-in-the-middle attack using a proxy is quite obvious (although I do not seek to minimise the hack, really!) but getting the user to actually use the proxy is the tough part 🙂 This will work for people on your network (so you can actually force them to use that proxy if they want to go online) or maybe if you can persuade some dumb fuck to use that proxy for whatever reason... So that's not that easy. But if you act as a Tor node, routing packets for strangers, you've got all this traffic passing through, people logging in and all that... Routing that traffic through your tweaked proxy solves the “how to ..” part 🙂
And the funny thing is that Tor is all about “Anonymity Online” 🙂 So it's the people who take the effort to surf anonymously who are getting hacked, losing their email & Facebook credentials (and more) and thus losing all anonymity & privacy 🙂
Yes, it is!
One thought on “Funny thing about the SSL hack”
*shrugs* Tor will not cure users of stupidity.