Phishing attacks on Tor anonymisation network

It seems the recently publicised list containing the log-in credentials of e-mail accounts of embassies and government institutions was gathered due to insecure usage of the Tor anonymisation network. The Swede Dan Egerstad, who has also posted the list on his blog, has now explained how he gained access to the 100 log-ins and passwords: he has equipped five Tor exit nodes with password sniffers to analyse the data traffic routed through these nodes.

While the Tor network provides IP address anonymisation, it is by no means trustworthy, since anybody can operate an exit node. Although the data is encrypted within the Tor network, the exit nodes have unencrypted access to the data, assuming Tor users send their data without encrypting it themselves. Of course, this behaviour not only affects e-mail log-ins, but also web pages and other data routed through the Tor network. heise Security - News - Phishing attacks on Tor anonymisation network

Linked by shanmuga Wednesday, 12th September 2007 1:17AM