Tor Used To Collect Embassy Email Passwords 99
Several readers wrote in to inform us that Swedish security researcher Dan Egerstad has revealed how he collected 100 passwords from embassies and governments worldwide, without hacking into anything: he sniffed Tor exit routers. Both Ars and heise have writeups on Egerstad's blog post, but neither adds much to the original. It's not news that unencrypted traffic exits the Tor network unencrypted, but Egerstad correctly perceived, and called attention to, the lack of appreciation for this fact in organizations worldwide.
Raising the question... (Score:3, Interesting)
This reminds me... (Score:5, Interesting)
Encryption is difficult for laypersons. (Score:4, Interesting)
Tor uses the concept of 'onion routing' to obscure the source and destination of content passed through it. What this means is that, like an onion, content is wrapped in multiple layers of destinations and buried in the ground (or routed) until, after a delay, shoots come up (the headers are interpreted and the onion is passed to another destination) and ultimately the onion is ready to be dug out of the ground (the content reaches its destination).
Unfortunately, it's possible to tell it's still an onion by the time it reaches your house. And that's what this article is referring to. If you wrapped an apple in an onion (used secure public key encryption) then you have an additional layer of security. That's a whole nother layer of complication, however.
Is it still called a man-in-the middle attack (Score:5, Interesting)
Re:Raising the question... (Score:3, Interesting)