Researchers find over 100 spying Tor nodes that attempt to compromise darknet sites
Boing Boing - 07/01/2016
When it comes to accessing public websites, Tor has an intrinsic security problem: though the nodes between your computer and the public internet are unable to see where the traffic is coming from or going to, the final hop in the network (known as an exit node) gets to know what webserver you are connecting to.
If that final hop isn’t protected by an HTTPS connection — if it takes place without encryption — then all the traffic between you and the webserver are an open book to the exit node. It can see what you send and what you receive, and it can tamper with the connection (for example, it can inject malicious code that exploits bugs in your browser to take it over). If your session includes identifying information — your Google cookie, say, or a login and password — then someone running a spying exit node can figure out who you are without having to poison your session.
A pair of security researchers from Northeastern University have announced a paper(to be delivered at this summer’s Def Con hacker convention in Las Vegas) that reveals over 100 spying Tor nodes that were shown to be targeting hidden services.