Funds stolen from blockchain.info

[PolarPoint]

Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.

I don't know Tor enough to be criticising it, but the whole idea seems rather unsafe. I don't feel comfortable with typing any passwords in it.

[Tstar]

people who using TOR to access blockchain faced this problem
it was an issue with exit node on tor network

[ranochigo]

Tor is pretty safe as long as you download all the updates. The latest Tor update disabled SSL3 and it is not possible to MITM attack with the newest version.

I don't know Tor enough to be criticising it, but the whole idea seems rather unsafe. I don't feel comfortable with typing any passwords in it.

Traffic coming out of tor exit nodes are unencrypted. Rogue exit nodes can potential capture unencrypted information transmitted using HTTP instead of HTTPS. Alternatively, vulnerbilities in HTTPS can allow those exit nodes to see encrypted information and capture your passwords.

[P4man]

blockchain uses https (obviously). If there is a problem with that, a man in the middle attack wouldnt be confined to tor at all. Anyone who could snoop your traffic would be able to steal your coins, and that would be problematic to put it mildly.

[dooglus]

blockchain uses https (obviously). If there is a problem with that, a man in the middle attack wouldnt be confined to tor at all. Anyone who could snoop your traffic would be able to steal your coins, and that would be problematic to put it mildly.

That's not true. In order to use the POODLE exploit you need to be able to modify the stream, not just read it.

The problem is only with webservers which allow SSL3. Everyone should disable SSL3 to prevent the attack.

blockchain.info uses cloudflare, which seems to mean they don't use SSL3 - which leaves me wonder how this attack is being successful.