Author

Topic: Attempted MITM on BitPay over Tor (Read 1177 times)

global moderator
Activity: 3990
Merit: 2717
Join the world-leading crypto sportsbook NOW!
November 09, 2014, 01:32:27 AM
#8
Hmm. Can you confirm that this is only for bitpay? Or do they replace all bitcoin addresses?

Users have reported thefts from their blockchain.info accounts as well.
member
Activity: 98
Merit: 10
November 09, 2014, 01:29:05 AM
#7
Report the bad exit nodes to the tor project, they will blacklist their IPs
hero member
Activity: 900
Merit: 1014
advocate of a cryptographic attack on the globe
November 09, 2014, 01:27:26 AM
#6
The page was designed as a BitPay page. So at least in this case they didn't replace random bitcoin addresses.
hero member
Activity: 532
Merit: 500
November 09, 2014, 01:26:24 AM
#5
Sounds to me like Tor is fucking useless.
As of recently tor has become much less secure when connecting to non-tor sites via tor.

The TOR project has not been able to determine exactly how law enforcement was able to find the identities/locations of the onion sites, however it is most likely (IMO) that they used some kind of timing attack
hero member
Activity: 938
Merit: 501
November 09, 2014, 12:23:52 AM
#4
Tor is a complete waste of time. trading in suboptimal anonymity for guaranteed insecurity.
legendary
Activity: 1260
Merit: 1000
World Class Cryptonaire
November 08, 2014, 10:59:09 PM
#3
Hmm. Can you confirm that this is only for bitpay? Or do they replace all bitcoin addresses?
sr. member
Activity: 337
Merit: 250
November 08, 2014, 10:59:05 PM
#2
Sounds to me like Tor is fucking useless.
hero member
Activity: 900
Merit: 1014
advocate of a cryptographic attack on the globe
November 08, 2014, 10:38:58 PM
#1
Some links to BitPay are hijacked by evil exit nodes. Their SSL certificate isn't for BitPay but seems generated on the fly. The new page then tries to get you to pay to one of their BTC addresses. Anyone else see this? Nice attack vector.
Jump to: