Slashdot Mirror


Tor Used To Collect Embassy Email Passwords

Several readers wrote in to inform us that Swedish security researcher Dan Egerstad has revealed how he collected 100 passwords from embassies and governments worldwide, without hacking into anything: he sniffed Tor exit routers. Both Ars and heise have writeups on Egerstad's blog post, but neither adds much to the original. It's not news that unencrypted traffic exits the Tor network unencrypted, but Egerstad correctly perceived, and called attention to, the lack of appreciation for this fact in organizations worldwide.

2 of 99 comments (clear)

  1. Unencrypted traffic is always unencrypted by eknagy · · Score: 5, Funny

    Well, the embassies should have used this new technology called "encryption". I heard that in the future, even browsers will support it...

    eknagy

  2. Re:Encryption is difficult for laypersons. by Ford+Prefect · · Score: 4, Funny

    Unfortunately, it's possible to tell it's still an onion by the time it reaches your house. And that's what this article is referring to. If you wrapped an apple in an onion (used secure public key encryption) then you have an additional layer of security.

    You know, not everybody likes onions. Cake! Everybody loves cakes! Cakes have layers!

    ...

    You know what else everybody likes? Parfaits. Have you ever met a person, you say, "Let's get some parfait," they say, "Hell no, I don't like no parfait"? Parfaits are delicious.
    --
    Tedious Bloggy Stuff - hooray?