First published: November 2007
Following last month's news of Dan Egerstad's collection of POP3 and IMAP passwords using a sniffer on a Tor exit node, MW-Blog has found evidence that malicious Tor exit nodes are being used for Man-in-the-Middle attacks on SSL sessions.
The researcher accessed a known SSL server via a variety of Tor exit nodes and looked the SSL certificates received "via" different nodes. One node, in Germany, provided a fake certificate. It was reported to the German authorities, and the node is no longer available. However, this highlights the potential for abuse of the Tor technology.
