Jump to content


Photo
- - - - -

Report: TOR being abused by agencies and groups


  • Please log in to reply
2 replies to this topic

#1 usr.c

usr.c

    Boss, my code's compiling (xkcd)

  • Admins
  • 10,440 posts
  • Gender:Male
  • Interests:Software
    Soccer
    Photography
    RC cars
    Electronics

  • Nothing Selected

Posted 21 November 2007 - 07:02 PM

According to a report published by Swedish researcher Dan Egerstadt, preying eyes may be spying on your transmitted data once you flick that TOR switch on, reminding us once again that plug-in security, as one slashdot reader put it, is non-existent. More here and here.

From heise Security: "By publishing his TOR hack, Swedish researcher Dan Egerstadt recently provided users with a timely reminder that The Onion Router (TOR) anonymisation network should be enjoyed with caution. By setting up five exit-nodes, Egerstad sniffed out large amounts of e-mail access data from embassies and government agencies and published some of this data on the internet. Since a user cannot know who operates the individual exit-node through which his traffic passes, TOR users are advised to always make use of additional encryption.

Members of the Teamfurry community got curious and took a look at the advertised configurations of a few randomly selected TOR exit-nodes. They stumbled on some extremely interesting results. There are, for example, exit-nodes which only forward unencrypted versions of certain protocols. One such node only accepts unencrypted IMAP and POP connections (TCP ports 143 and 110) and only forwards messenger connections from AIM, Yahoo IM and MSN Messenger if they are received on ports on which traffic is handled as plain text. The same procedure is applied to Telnet and VNC connections, used for remote access to systems. Further, there are systems which are only interested in specific destinations and, for example, exclusively forward HTTP packets bound for MySpace and Google. HTTPS traffic to these destinations is, however, blocked..."


Things that I don't suck at: Photography (flickr, JPG Mag), Skydiving, Splitting atoms, Flying a space shuttle
"Don't bail; the best gold is at the bottom of barrels of crap!" -Randy Pausch
I have people-skills goddamnit! What is wrong with you people!!! | www.skyrill.com

#2 amir

amir

    SuperNova III Member

  • Support Team
  • 2,141 posts
  • Location:Toronto
  • Interests:http://adagio.fm<br />http://entranced.fm/

  • Canada

Posted 23 November 2007 - 02:16 AM

it's free so stop grumbling about the code being unsecure! whoever uses his credit card through anonymizers, is stupid or may be it's not as obvious to others as it is to us? what else did they complain about? damn, already forgot!

cool educating stuff there anyway original.gif thanx

#3 MaD_cOw

MaD_cOw

    No way... It compiles? SHIP IT!

  • Moderators
  • 609 posts
  • Location:Thunder Bay, Ontario Canada
  • Interests:Drumming,<br />Music,<br />Mountain Biking,<br />Modding,<br />Vintage Hardware,

  • Canada

Posted 26 November 2007 - 01:06 AM

Well using your creditcard number on Windows is just like giving it to a random guy in a back alley, you never know were it will go. Also if you really wanted to become safe I would use a VPN instead of TOR.

lol I bet old Bill uses it thinking jobs can't spy on him heh
-Mad_cow




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users