Your Peace of Mind is our Commitment

Contact Us English Recent Articles

Tor used for Man-in-the-Middle Attacks

First published: 30th November 2007

Following last month's news of Dan Egerstad's collection of POP3 and IMAP passwords using a sniffer on a Tor exit node, MW-Blog has found evidence that malicious Tor exit nodes are being used for Man-in-the-Middle attacks on SSL sessions.

The researcher accessed a known SSL server via a variety of Tor exit nodes and looked the SSL certificates received "via" different nodes. One node, in Germany, provided a fake certificate. It was reported to the German authorities, and the node is no longer available. However, this highlights the potential for abuse of the Tor technology.

More Information

Related Articles