Malicious Russian Tor Exit Relays Intercepting encrypted Traffic of Facebook Users - http://thehackernews.com/2014/01/mal...it-relays.html
Tor is one of the best and freely available privacy software that lets people communicate anonymously online through a series of nodes that is designed to provide anonymity for users and bypass Internet censorship.
When you use the Tor software, your IP address remains hidden and it appears that your connection is coming from the IP address of a Tor exit relay or nodes, which can be anywhere in the world. An exit relay is the final relay that Tor traffic passes through before it reaches its destination.
According to a recent report 'Spoiled Onions: Exposing Malicious Tor Exit Relays', published by security researchers Phillip Winter and Stefan Lindskog revealed that almost 20 exit relays in the Tor anonymity network that attempted to spy on users’ encrypted traffic using man-in-the-middle techniques.
Both Researchers spent more than four months studying on the Tor exit nodes using their own scanning software called "exitmap" and detected suspicious behavior somewhere in Russian network. They identified 25 nodes that were tampering the web traffic and stripping out the encryption using 'sslstrip' attack.
They found some faulty nodes, may be because of configuration errors or ISP issues, but 19 nodes were caught using a bogus SSL certificate to perform man-in-the-middle attacks on users. Those buggy nodes were programmed to intercept only traffic to the Facebook website.