Re: How safe is Tor for logging into http (nont https) web sites
am 26.10.2007 14:57:37 von Joan BattagliaOn Fri, 26 Oct 2007 03:35:03 -0500, VanguardLH wrote:
> http://arstechnica.com/news.ars/post/20070910-security-exper t-used-tor-to-collect-government-e-mail-passwords.html
> You get anonymity, not necessarily security, with P2P networks.
I read this article where, apparently
- government personnel used insecure passwords
- hackers (presumably not using Tor) guessed their passwords
- those hackers (now using Tor for anonymity) constantly read their email
- the security expert set up 5 rogue Tor servers to intercept passwords
- he wrongly concluded at first the governments were using Tor
- he complained to the governments who ignored it (they weren't using Tor)
- he published their government login and passwords to get their attention
- he then realized the hackers were the ones using Tor
- in the end - it was the same result - Tor exposes passwords
He concluded people need https to protect their password from Tor servers
But, did I hear you say even https exposes your password to the Tor server?