Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Embassy leaks highlight pitfalls of Tor
Robert Lemos, SecurityFocus 2007-09-10

A Swedish security professional that posted the usernames and passwords for 100 e-mail accounts belonging to various nations' embassies and political parties revealed on Monday that he exploited the improper usage of the Tor network -- a distributed system of computers that anonymizes the source of network traffic -- to collect the information.

Comments Mode:
Embassy leaks highlight pitfalls of Tor 2007-09-11
Anonymous
This is hardly a pitfall of Tor.

This is a pitfall of uneducated users trying to use something that they didn't RTFM.

You get what you pay for. Lazy government officials that won't take the time to make sure they are not doing something half-assed. Hence the passwords equivalent to "1234"....

[ more ]  [ reply ]
what a joke 2007-09-11
Anonymous (2 replies)
Is that a joke? How is it possible to be so naive?

most of what that guy sniffed were of course not the legitimate users checking their mails via Tor.

He sniffed foreign intelligence agencies spying on those victims.

Just look at the list of those countries. Most of them are premium choic...

[ more ]  [ reply ]
Re: what a joke 2007-09-18
mark
actually, given US government's access to IP traffic via Echelon, I doubt they would care about Tor one way or another... ...

[ more ]  [ reply ]
Re: what a joke 2007-10-03
Anonymous
They're talking about sent messages....

[ more ]  [ reply ]
Embassy leaks highlight pitfalls of Tor 2007-09-12
Anonymous
Even if ssl layer is used, i don't know the details of tor but i'd imagine if your going to connect to an untrusted tor proxy then the ssl is unlikely to save your bacon if he's determined! Tor is mainly to stop location info being derived not security....

[ more ]  [ reply ]
Embassy leaks highlight pitfalls of Tor 2007-09-19
Anonymous
Damm! That was a pretty neat way to educate people to encrypt sensitive data. People just dont get it. I recently wrote a blog post called "Reading passwords over the Internet : Step by Step Guide " at http://blog.netotto.com/index.php?m=09&y=07&entry=entry070915-033128

with the intent to convince ...

[ more ]  [ reply ]




 

Privacy Statement
Copyright 2009, SecurityFocus