reply to InfinityDev
Re: Simple solution There is a solution though. It's called TOR and it allows encrypted traffic to proxy servers through which you can browse the regular internet. I'm not aware of any exploit against TOR at this time that would allow man-in-the middle as it doesn't use the SSL chain of trust. Though there is speculation that if a government provided a proxy node they could potentially identify some users. The probability is extremely low that this would succeed due to the onion routing, though it is technically possible. The only issue to deal with is that TOR is slow (because of the onion routing). TOR has been a documented resource in allowing people in oppressive totalitarian regimes to bypass the censorship regimes and provide real information flow.
The beauty of TOR over generalized proxy's is that the traffic is routed through multiple proxies before source and destination, thus shielding both sides from oppressive government (or ISP in this case) action.
Matt3All noise, no signal.Premium
said by rahvin112:Tor is no solution, asshat torrenters and child pornographers have ruined the network.
There is a solution though. It's called TOR and it allows encrypted traffic to proxy servers through which you can browse the regular internet. I'm not aware of any exploit against TOR at this time that would allow man-in-the middle as it doesn't use the SSL chain of trust.
As far as exploits, why, a simple Google search shows there is in fact an easy way to perform a man-in-the-middle attack, even of SSL encrypted traffic.
said by article :
He then mentioned all the passwords, and credit card numbers that SSLstrip was able to pull from Tor users and save in plain text (You dont shop using Tor do you?).
reply to rahvin112
Tor is not a solution, it's a workaround. Using Tor you'd bypass your ISPs hijacking, but you have no idea if the exit node you picked has a similar hijacking ISP.
The only way to protect against this kind of hijacking is https or perhaps IP-level authentication that I think IPv6 can provide.
Check out my awesome city of MxxTopia »mxxtopia.myminicity.com/ind or »mxxtopia.myminicity.com (the more people visit, the bigger it is)
reply to Matt3
If one uses their browser in default setting as intended, a Man in the Middle attack is not transparent and will fail.
Your browser will issue a warning saying the Cert does not match.
All the rest is FUD.