Educause Security Discussion mailing list archives
Re: this reading could be fun or serious
From: Curt Wilson <curtw () SIU EDU>
Date: Tue, 11 Sep 2007 17:59:46 -0500
HD Moore did some research on Tor use by setting up an exit node and analyzing traffic. I'm sure he was not the first, and you can bet criminals and others with malicious motives have been doing this from the start. I use Tor to download suspected malware that may have affected campus. There are various FireFox add-ons that will give you at-a-glance status of whether you are using Tor or not, to avoid any plaintext leakage (of course, no one on this list uses plaintext, right?) Curt Pace, Guy wrote:
Hey, Vuong! This also appeared on SANS. Here is a link to the article. http://isc.sans.org/diary.html?storyid=3366 It appears that an ID and password is exposed when using this service when someone is sniffing the unencrypted side of a session. Guy L. Pace, CISSP Security Administrator Center for Information Services (CIS) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () cis ctc edu -----Original Message----- From: Vuong Phung [mailto:vphung () SCIENCE SJSU EDU] Sent: Tuesday, September 11, 2007 12:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] this reading could be fun or serious Hello everyone, I am a sys admin and no security expert. I read this post from Slashdot regarding ToR http://www.derangedsecurity.com/time-to-reveal%E2%80%A6/ I know that sending my username and password via unencrypted channel is a no no, but most poeple use ToR may think that they are annonymous to everything (including their data/password) I am not sure how much true to the post and would like to hear your comments; especially from the security expert and specialist on this list. Thanks! Vuong
-- Curt Wilson IT Network Security Officer Southern Illinois University Carbondale 618-453-6237 GnuPG key: http://www.infotech.siu.edu/security/curtw.pub.asc
Current thread:
- this reading could be fun or serious Vuong Phung (Sep 11)
- <Possible follow-ups>
- Re: this reading could be fun or serious Pace, Guy (Sep 11)
- Re: this reading could be fun or serious Curt Wilson (Sep 11)
- Re: this reading could be fun or serious Jeffrey I. Schiller (Sep 13)