Tor Used To Collect Embassy Email Passwords - Slashdot

Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

×

Tor Used To Collect Embassy Email Passwords 99

Posted by kdawson on Tuesday September 11, 2007 @01:57PM from the getting-their-attention dept.

Several readers wrote in to inform us that Swedish security researcher Dan Egerstad has revealed how he collected 100 passwords from embassies and governments worldwide, without hacking into anything: he sniffed Tor exit routers. Both Ars and heise have writeups on Egerstad's blog post, but neither adds much to the original. It's not news that unencrypted traffic exits the Tor network unencrypted, but Egerstad correctly perceived, and called attention to, the lack of appreciation for this fact in organizations worldwide.

This discussion has been archived. No new comments can be posted.

Tor Used To Collect Embassy Email Passwords

Search 99 Comments Log In/Create an Account

Comments Filter:

Heh (Score:3, Funny)

by dada21 ( 163177 ) writes: <adam.dada@gmail.com> on Tuesday September 11, 2007 @02:03PM (#20557961) Homepage Journal

Of course something originally designed by the US Naval Research Laboratory and then spun off to an "independent pro-privacy group" such as the EFF would have loopholes, insecurities, and unwieldly aspects of it.

One thing that doesn't make sense to me: why does Tor operate MOSTLY over primary networks with non-tor functions? Doesn't it make sense that people who rely on Tor-offered anonymity would only operate the network bound to a specific NIC, a specific router and a specific network connection, separate from their main non-anonymous one? If anonymity is that important, why even bother trying to maintain an anonymous network connection concurrent with your non-anonymous one, with both utilizing the same single-point of exit/entry?

Doesn't make sense.

Share
twitter facebook
Unencrypted traffic is always unencrypted (Score:5, Funny)

by eknagy ( 1056622 ) writes: on Tuesday September 11, 2007 @02:04PM (#20557981)

Well, the embassies should have used this new technology called "encryption". I heard that in the future, even browsers will support it...

eknagy

Share
twitter facebook
apples and onions (Score:3, Funny)

by Anonymous Coward writes: on Tuesday September 11, 2007 @02:09PM (#20558097)

I'd hate to be around when you bake a pie.

Parent Share
twitter facebook
Re:Encryption is difficult for laypersons. (Score:5, Funny)

by Ford Prefect ( 8777 ) writes: on Tuesday September 11, 2007 @02:16PM (#20558295) Homepage

Unfortunately, it's possible to tell it's still an onion by the time it reaches your house. And that's what this article is referring to. If you wrapped an apple in an onion (used secure public key encryption) then you have an additional layer of security.

You know, not everybody likes onions. Cake! Everybody loves cakes! Cakes have layers!

...

You know what else everybody likes? Parfaits. Have you ever met a person, you say, "Let's get some parfait," they say, "Hell no, I don't like no parfait"? Parfaits are delicious.

Parent Share
twitter facebook
Re:This reminds me... (Score:3, Funny)

by betterunixthanunix ( 980855 ) writes: on Tuesday September 11, 2007 @02:22PM (#20558437)

I used the same trick in high school to get around a really annoying filter. This filter would sometimes block slashdot because there were too many curses, "sexual references," or just because the random block feature was active. A quick SSH to a box outside of the school, run w3m (our connection was pretty bad, so I needed to save some bandwidth), and I have the unfiltered web.

Parent Share
twitter facebook
Re:This reminds me... (Score:3, Funny)

by pclminion ( 145572 ) writes: on Tuesday September 11, 2007 @02:35PM (#20558745)

Heh. When I was in school, people would come to me if they'd forgotten their email password, because they knew I had all of them :-)

Parent Share
twitter facebook
Re:Raising the question... (Score:1, Funny)

by Anonymous Coward writes: on Tuesday September 11, 2007 @03:31PM (#20559905)

No, I'm sure nobody would have any reason for hiding their true identity on the internet if they weren't doing something nefarious, mister ... InvisiblePinkUnicorn.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

"What man has done, man can aspire to do." -- Jerry Pournelle, about space flight