[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] "Safeplug"



On Tue, 26 Nov 2013 10:54:58 +0000
Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx> allegedly wrote:

> If I, as a random geek, wanted to mess around with MITM attacks to see
> what information I could steal, I have a few options: I could do it
> on my LAN at home, targetting friends and family. I could do it at
> work and risk my job. I could go to somewhere with an open wifi hot
> spot and target a couple of coffee drinkers reading the news. Or I
> could spend a couple of minutes setting up a Tor exit node from the
> comfort of my office, getting sustained access to the traffic of
> thousands of strangers all over the World. This is why I think
> malicious Tor Exit nodes are widespread: Because setting them up is
> easy, attractive and safe.
> 

Agreed. One simple and excellent example would be Dan Egerstad's
interception of POP/IMAP UID/passwds back in 2007. That just happens to
be public knowledge. Much else probably goes on, but is not public
knowledge.

As Egerstad reportedly said at the time:

For example, several Tor nodes in the Washington, D.C., area can handle
up to 10TB of data a month, a flow of data that would cost at least
$5,000 a month to run, and is likely way out the range of volunteers
who run a node on their own money, Egerstad said.

"Who would pay for that?" Egerstad said.

http://www.infoworld.com/d/security-central/security-researcher-intercepts-embassy-passwords-tor-148


Mick
 
---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------

Attachment: signature.asc
Description: PGP signature

-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk