Wednesday, September 12, 2007

Another Way Around Tor

Tor works well as an anonymizer but shouldn't be relied upon for encryption, according to a security researcher who collected e-mails from the Russian and Indian embassies. Both used Tor for handling their diplomatic e-mail but didn't encrypt the traffic when it entered or left Tor.

The Swedish researcher, Dan Egerstad, got into Tor by setting up his node on a peer-to-peer network used by the embassies. Egerstad was able to grab user names and passwords for around 100 embassies in August.

I've reported on Tor security issues in previous posts.


Post a Comment

<< Home