TOR - sniffing exit nodes
The (IT) press is buzzing somewhat with attacks against the onion router (TOR).
The problem is lies in an atack performed and used to gain access to mailboxes by creating and sniffing the unencrypted side of some Tor exit nodes.
From a technical perspective these attacks are known and documented in e.g. the Tor FAQ:
http://wiki.noreply.org/noreply/TheOnionRouter/TorFAQ#ExitEavesdroppers
Tor -tries to- provide anonymity. Anonymity and security are two different beasts. When passing unencrypted traffic (such as POP3, IMAP etc) you are basically not only handing the malicious Tor exit node the contents of your email, but also -in many cases- the keys (login and password) to your mailbox.
--
Swa Frantzen -- NET2S
Keywords:
0 comment(s)
Comments