|
Posted by Joan Battaglia on October 26, 2007, 8:57 am
If you were Registered and logged in, you could reply and use other advanced thread options
On Fri, 26 Oct 2007 03:35:03 -0500, VanguardLH wrote:
>
http://arstechnica.com/news.ars/post/20070910-security-expert-used-tor-to-collect-government-e-mail-passwords.html
> You get anonymity, not necessarily security, with P2P networks.
I read this article where, apparently
- government personnel used insecure passwords
- hackers (presumably not using Tor) guessed their passwords
- those hackers (now using Tor for anonymity) constantly read their email
- the security expert set up 5 rogue Tor servers to intercept passwords
- he wrongly concluded at first the governments were using Tor
- he complained to the governments who ignored it (they weren't using Tor)
- he published their government login and passwords to get their attention
- he then realized the hackers were the ones using Tor
- in the end - it was the same result - Tor exposes passwords
He concluded people need https to protect their password from Tor servers
But, did I hear you say even https exposes your password to the Tor server?
| 
XML site map