Tor Used To Collect Embassy Email Passwords - Slashdot

Follow Slashdot blog updates by subscribing to our blog RSS feed

×

Tor Used To Collect Embassy Email Passwords 99

Posted by kdawson on Tuesday September 11, 2007 @01:57PM from the getting-their-attention dept.

Several readers wrote in to inform us that Swedish security researcher Dan Egerstad has revealed how he collected 100 passwords from embassies and governments worldwide, without hacking into anything: he sniffed Tor exit routers. Both Ars and heise have writeups on Egerstad's blog post, but neither adds much to the original. It's not news that unencrypted traffic exits the Tor network unencrypted, but Egerstad correctly perceived, and called attention to, the lack of appreciation for this fact in organizations worldwide.

This discussion has been archived. No new comments can be posted.

Tor Used To Collect Embassy Email Passwords

Search 99 Comments Log In/Create an Account

Comments Filter:

Raising the question... (Score:3, Interesting)

by InvisblePinkUnicorn ( 1126837 ) writes: on Tuesday September 11, 2007 @02:01PM (#20557915)

Why are embassy officials using Tor? Trying to hide something?

Share
twitter facebook
This reminds me... (Score:5, Interesting)

by betterunixthanunix ( 980855 ) writes: on Tuesday September 11, 2007 @02:01PM (#20557923)

...of a guy in a class I took who had packet sniffed our network, then reported my university e-mail password to me. Why? Because the university refused to enable SSL-secured POP3. A quick email reveals that, in fact, they were never planning to, and that I am just SOL.

Share
twitter facebook
Encryption is difficult for laypersons. (Score:4, Interesting)

by Sheetrock ( 152993 ) writes: on Tuesday September 11, 2007 @02:05PM (#20558025) Homepage Journal

Tor uses the concept of 'onion routing' to obscure the source and destination of content passed through it. What this means is that, like an onion, content is wrapped in multiple layers of destinations and buried in the ground (or routed) until, after a delay, shoots come up (the headers are interpreted and the onion is passed to another destination) and ultimately the onion is ready to be dug out of the ground (the content reaches its destination).

Unfortunately, it's possible to tell it's still an onion by the time it reaches your house. And that's what this article is referring to. If you wrapped an apple in an onion (used secure public key encryption) then you have an additional layer of security. That's a whole nother layer of complication, however.

Share
twitter facebook
Is it still called a man-in-the middle attack (Score:5, Interesting)

by joeflies ( 529536 ) writes: on Tuesday September 11, 2007 @02:07PM (#20558075)

if you voluntary place the said man in the middle?

Share
twitter facebook
Re:Raising the question... (Score:3, Interesting)

by varmittang ( 849469 ) writes: on Tuesday September 11, 2007 @02:58PM (#20559239)

One person already brought up the idea that it could be hackers using tor, and that they are reading the emails of the embassy officials. tor just helps them cover their tracks.

Parent Share
twitter facebook

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Related Links Top of the: day, week, month.

390 comments32-Hour Workweek for America Proposed by Senator Bernie Sanders
358 commentsWhat Should Happen to Empty Downtown Office Spaces?
340 commentsHacktivism Erupts In Response To Hamas-Israel War
324 comments'Feedback' Is Now Too Harsh. The New Word is 'Feedforward'
248 commentsWorkers are Resisting Calls to Return to Offices

They are relatively good but absolutely terrible. -- Alan Kay, commenting on Apollos