Flutterby™! : TOR compromising binaries


TOR compromising binaries

2014-10-24 16:00:47.662694+00 by Dan Lyke 0 comments

TOR exit node that's hot-patching binaries with malware.

At DerbyCon this year I gave a presentation of my binary patching framework, BDF. Many binaries are hosted without any transport layer security encryption. Some binaries are signed to prevent modification, but most are not. During that presentation, I talked about the MITM patching of binaries during download, and showed how easy it was using BDFProxy. I also mentioned that similar techniques are probably already in use on the Internet.

I had only circumstantial evidence until recently.
