Home page logo

educause logo Educause Security Discussion mailing list archives

Re: this reading could be fun or serious
From: Curt Wilson <curtw () SIU EDU>
Date: Tue, 11 Sep 2007 17:59:46 -0500

HD Moore did some research on Tor use by setting up an exit node and
analyzing traffic. I'm sure he was not the first, and you can bet
criminals and others with malicious motives have been doing this from
the start.

I use Tor to download suspected malware that may have affected campus.
There are various FireFox add-ons that will give you at-a-glance status
of whether you are using Tor or not, to avoid any plaintext leakage (of
course, no one on this list uses plaintext, right?)


Pace, Guy wrote:
 Hey, Vuong! This also appeared on SANS. Here is a link to the article.


It appears that an ID and password is exposed when using this service
when someone is sniffing the unencrypted side of a session.

Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004

gpace () cis ctc edu

-----Original Message-----
From: Vuong Phung [mailto:vphung () SCIENCE SJSU EDU]
Sent: Tuesday, September 11, 2007 12:24 PM
Subject: [SECURITY] this reading could be fun or serious

Hello everyone,

I am a sys admin and no security expert. I read this post from Slashdot
regarding ToR


I know that sending my username and password via unencrypted channel is
a no no, but most poeple use ToR may think that they are annonymous to
everything (including their data/password)

I am not sure how much true to the post and would like to hear your
comments; especially from the security expert and specialist on this



Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale

GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]