On Tue, 26 Nov 2013 10:54:58 +0000 Mike Cardwell <tor@xxxxxxxxxxxxxxxxxx> allegedly wrote: > If I, as a random geek, wanted to mess around with MITM attacks to see > what information I could steal, I have a few options: I could do it > on my LAN at home, targetting friends and family. I could do it at > work and risk my job. I could go to somewhere with an open wifi hot > spot and target a couple of coffee drinkers reading the news. Or I > could spend a couple of minutes setting up a Tor exit node from the > comfort of my office, getting sustained access to the traffic of > thousands of strangers all over the World. This is why I think > malicious Tor Exit nodes are widespread: Because setting them up is > easy, attractive and safe. > Agreed. One simple and excellent example would be Dan Egerstad's interception of POP/IMAP UID/passwds back in 2007. That just happens to be public knowledge. Much else probably goes on, but is not public knowledge. As Egerstad reportedly said at the time: For example, several Tor nodes in the Washington, D.C., area can handle up to 10TB of data a month, a flow of data that would cost at least $5,000 a month to run, and is likely way out the range of volunteers who run a node on their own money, Egerstad said. "Who would pay for that?" Egerstad said. http://www.infoworld.com/d/security-central/security-researcher-intercepts-embassy-passwords-tor-148 Mick --------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 http://baldric.net ---------------------------------------------------------------------
Attachment:
signature.asc
Description: PGP signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk