dslreports logo
site
 
    All Forums Hot Topics Gallery
spc

spacer




how-to block ads


Search Topic:
uniqs
107
share rss forum feed

rahvin112

join:2002-05-24
Sandy, UT
reply to InfinityDev

Re: Simple solution

There is a solution though. It's called TOR and it allows encrypted traffic to proxy servers through which you can browse the regular internet. I'm not aware of any exploit against TOR at this time that would allow man-in-the middle as it doesn't use the SSL chain of trust. Though there is speculation that if a government provided a proxy node they could potentially identify some users. The probability is extremely low that this would succeed due to the onion routing, though it is technically possible. The only issue to deal with is that TOR is slow (because of the onion routing). TOR has been a documented resource in allowing people in oppressive totalitarian regimes to bypass the censorship regimes and provide real information flow.

The beauty of TOR over generalized proxy's is that the traffic is routed through multiple proxies before source and destination, thus shielding both sides from oppressive government (or ISP in this case) action.


Matt3
All noise, no signal.
Premium
join:2003-07-20
Jamestown, NC
kudos:12
said by rahvin112:

There is a solution though. It's called TOR and it allows encrypted traffic to proxy servers through which you can browse the regular internet. I'm not aware of any exploit against TOR at this time that would allow man-in-the middle as it doesn't use the SSL chain of trust.

Tor is no solution, asshat torrenters and child pornographers have ruined the network.

As far as exploits, why, a simple Google search shows there is in fact an easy way to perform a man-in-the-middle attack, even of SSL encrypted traffic.

said by article :
He then mentioned all the passwords, and credit card numbers that SSLstrip was able to pull from Tor users and save in plain text (You don’t shop using Tor do you?).


»www.google.com/search?rlz=1C1CHF···e-middle


MxxCon

join:1999-11-19
Brooklyn, NY
reply to rahvin112
Tor is not a solution, it's a workaround. Using Tor you'd bypass your ISPs hijacking, but you have no idea if the exit node you picked has a similar hijacking ISP.
The only way to protect against this kind of hijacking is https or perhaps IP-level authentication that I think IPv6 can provide.
--
Check out my awesome city of MxxTopia »mxxtopia.myminicity.com/ind or »mxxtopia.myminicity.com (the more people visit, the bigger it is)


DataRiker
Premium
join:2002-05-19
00000

4 edits
reply to Matt3
If one uses their browser in default setting as intended, a Man in the Middle attack is not transparent and will fail.

Your browser will issue a warning saying the Cert does not match.

All the rest is FUD.