Report: TOR being abused by agencies and groups
Posted 21 November 2007 - 07:02 PM
From heise Security: "By publishing his TOR hack, Swedish researcher Dan Egerstadt recently provided users with a timely reminder that The Onion Router (TOR) anonymisation network should be enjoyed with caution. By setting up five exit-nodes, Egerstad sniffed out large amounts of e-mail access data from embassies and government agencies and published some of this data on the internet. Since a user cannot know who operates the individual exit-node through which his traffic passes, TOR users are advised to always make use of additional encryption.
Members of the Teamfurry community got curious and took a look at the advertised configurations of a few randomly selected TOR exit-nodes. They stumbled on some extremely interesting results. There are, for example, exit-nodes which only forward unencrypted versions of certain protocols. One such node only accepts unencrypted IMAP and POP connections (TCP ports 143 and 110) and only forwards messenger connections from AIM, Yahoo IM and MSN Messenger if they are received on ports on which traffic is handled as plain text. The same procedure is applied to Telnet and VNC connections, used for remote access to systems. Further, there are systems which are only interested in specific destinations and, for example, exclusively forward HTTP packets bound for MySpace and Google. HTTPS traffic to these destinations is, however, blocked..."
Things that I don't suck at: Photography (flickr, JPG Mag),
"Don't bail; the best gold is at the bottom of barrels of crap!" -Randy Pausch
I have people-skills goddamnit! What is wrong with you people!!! | www.skyrill.com
Posted 23 November 2007 - 02:16 AM
cool educating stuff there anyway thanx
Posted 26 November 2007 - 01:06 AM
lol I bet old Bill uses it thinking jobs can't spy on him heh
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users