Follow Slashdot blog updates by subscribing to our blog RSS feed

Tor Used To Collect Embassy Email Passwords 99

Posted by kdawson on Tuesday September 11, 2007 @01:57PM from the getting-their-attention dept.

Several readers wrote in to inform us that Swedish security researcher Dan Egerstad has revealed how he collected 100 passwords from embassies and governments worldwide, without hacking into anything: he sniffed Tor exit routers. Both Ars and heise have writeups on Egerstad's blog post, but neither adds much to the original. It's not news that unencrypted traffic exits the Tor network unencrypted, but Egerstad correctly perceived, and called attention to, the lack of appreciation for this fact in organizations worldwide.

This discussion has been archived. No new comments can be posted.

Tor Used To Collect Embassy Email Passwords

Search 99 Comments Log In/Create an Account

Comments Filter:

Raising the question... (Score:3, Interesting)

by InvisblePinkUnicorn ( 1126837 ) writes: on Tuesday September 11, 2007 @02:01PM (#20557915)

Why are embassy officials using Tor? Trying to hide something?

Share
twitter facebook
This reminds me... (Score:5, Interesting)

by betterunixthanunix ( 980855 ) writes: on Tuesday September 11, 2007 @02:01PM (#20557923)

...of a guy in a class I took who had packet sniffed our network, then reported my university e-mail password to me. Why? Because the university refused to enable SSL-secured POP3. A quick email reveals that, in fact, they were never planning to, and that I am just SOL.

Share
twitter facebook
Encryption is difficult for laypersons. (Score:4, Interesting)

by Sheetrock ( 152993 ) writes: on Tuesday September 11, 2007 @02:05PM (#20558025) Homepage Journal

Tor uses the concept of 'onion routing' to obscure the source and destination of content passed through it. What this means is that, like an onion, content is wrapped in multiple layers of destinations and buried in the ground (or routed) until, after a delay, shoots come up (the headers are interpreted and the onion is passed to another destination) and ultimately the onion is ready to be dug out of the ground (the content reaches its destination).

Unfortunately, it's possible to tell it's still an onion by the time it reaches your house. And that's what this article is referring to. If you wrapped an apple in an onion (used secure public key encryption) then you have an additional layer of security. That's a whole nother layer of complication, however.

Share
twitter facebook
Is it still called a man-in-the middle attack (Score:5, Interesting)

by joeflies ( 529536 ) writes: on Tuesday September 11, 2007 @02:07PM (#20558075)

if you voluntary place the said man in the middle?

Share
twitter facebook
Re:Raising the question... (Score:3, Interesting)

by varmittang ( 849469 ) writes: on Tuesday September 11, 2007 @02:58PM (#20559239)

One person already brought up the idea that it could be hackers using tor, and that they are reading the emails of the embassy officials. tor just helps them cover their tracks.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Tor Used To Collect Embassy Email Passwords 99

Tor Used To Collect Embassy Email Passwords More Login

Tor Used To Collect Embassy Email Passwords

Raising the question... (Score:3, Interesting)

This reminds me... (Score:5, Interesting)

Encryption is difficult for laypersons. (Score:4, Interesting)

Is it still called a man-in-the middle attack (Score:5, Interesting)

Re:Raising the question... (Score:3, Interesting)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot