[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tor-talk] SIGAINT email service targeted by 70 bad exit nodes





Le 23/04/2015 06:08, Roger Dingledine a écrit :
>I know we could SSL sigaint.org, but if it is a state-actor they could just
>use one of their CAs and mill a key.
This is not great logic. You're running a website without SSL, even though
you know people are attacking you? Shouldn't your users be hassling you
to give them better options?:)

As you say, SSL is not perfect, but it does raise the bar a lot. That
seems like the obvious next step for making your website safer for
your users.

Yes, you should use SSL/TLS and you and/or your users run the very excellent "interception detector" http://www.ianonym.com/intercept.html

Of course to be maximally efficient the tool should be installed on your site and it should be modified not to change the proxy settings (and then be compatible with the Tor browser, which unfortunately is currently not the case), because if the mitm is not stupid it can see that the destination IP in the socks message does not match your domain.

It can be tried with the secret "abcd" (abcd.sigaint.org)

--
Check the 10 M passwords list: http://peersm.com/findmyass
Anti-spies and private torrents, dynamic blocklist: http://torrent-live.org
Peersm : http://www.peersm.com
torrent-live: https://github.com/Ayms/torrent-live
node-Tor : https://www.github.com/Ayms/node-Tor
GitHub : https://www.github.com/Ayms

--
tor-talk mailing list - tor-talk@lists.torproject.org
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk