Re: this reading could be fun or serious

[Curt Wilson <curtw () SIU EDU>]

HD Moore did some research on Tor use by setting up an exit node and
analyzing traffic. I'm sure he was not the first, and you can bet
criminals and others with malicious motives have been doing this from
the start.

I use Tor to download suspected malware that may have affected campus.
There are various FireFox add-ons that will give you at-a-glance status
of whether you are using Tor or not, to avoid any plaintext leakage (of
course, no one on this list uses plaintext, right?)

Curt


Pace, Guy wrote:
>  Hey, Vuong! This also appeared on SANS. Here is a link to the article.
>
> http://isc.sans.org/diary.html?storyid=3366
>
> It appears that an ID and password is exposed when using this service
> when someone is sniffing the unencrypted side of a session.
>
>
> Guy L. Pace, CISSP
> Security Administrator
> Center for Information Services (CIS)
> 3101 Northup Way, Suite 100
> Bellevue, WA 98004
> 425-803-9724
>
> gpace () cis ctc edu
>
>
> -----Original Message-----
> From: Vuong Phung [mailto:vphung () SCIENCE SJSU EDU]
> Sent: Tuesday, September 11, 2007 12:24 PM
> To: SECURITY () LISTSERV EDUCAUSE EDU
> Subject: [SECURITY] this reading could be fun or serious
>
> Hello everyone,
>
> I am a sys admin and no security expert. I read this post from Slashdot
> regarding ToR
>
> http://www.derangedsecurity.com/time-to-reveal%E2%80%A6/
>
> I know that sending my username and password via unencrypted channel is
> a no no, but most poeple use ToR may think that they are annonymous to
> everything (including their data/password)
>
> I am not sure how much true to the post and would like to hear your
> comments; especially from the security expert and specialist on this
> list.
>
> Thanks!
>
> Vuong


--
Curt Wilson
IT Network Security Officer
Southern Illinois University Carbondale
618-453-6237

GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc