Hello tor-talk mailing list, Today I was reading Dan Kaminsky's blog and I noticed a mention of Tor:
``Moxie Marlinspike, probably the smartest guy in the world right now on SSL issues, did a study a few years ago on how many Tor users — not even regular users, but Tor users, clearly concerned about their privacy and possessed with some advanced level of expertise -- would notice SSL being disabled and refuse to browse their desired content. Moxie didn’t find a single user who resisted disabled security. His tool, sslsniff, worked against 100% of the sample set.'' http://dankaminsky.com/2011/08/31/notnotar/ I did a Google search and found two articles mentioning this: http://www.forbes.com/2009/02/18/black-hat-hackers-technology-security_0218_blackhat.html http://www.theregister.co.uk/2009/02/19/ssl_busting_demo/page2.html Apparently people are spying on Tor users by setting up their own exit nodes and sniffing traffic?! This Moxie Marlinspike is even a well-respected researcher, apparently. He gives talks at Blackhat to government hacker wannabes. But stealing email passwords and credit card information? How is this legal in the US? The more I research this, the more it seems this sort of ``research'' is more common than not. Wikileaks, Jacob Appelbaum, Adrian Lamo, Moxie Marlinspike... who else? Iran?! The Tor Project needs to shed some light on this or it will have a serious problem with people wanting to use Tor at all... _______________________________________________ tor-talk mailing list tor-talk@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
