Weakness in anonymity service exposes “encrypted traffic”

As in many cases, it is seldom only the technology's fault when security fails. Users can be blamed for not reading (and understanding) how it really works, although in this case that was of course not obvious. Authentication is another common problem that people try to solve with more advanced technical solutions, but the weakest link is always the human itself…

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper’s Paradise

A security researcher intercepted thousands of private e-mail messages sent by foreign embassies and human rights groups around the world by turning portions of the Tor internet anonymity service into his own private listening post.

Swedish computer security consultant Dan Egerstad posted the user names and passwords for 100 e-mail accounts used by the victims.

Tor is a privacy tool designed to prevent tracking of where a web user surfs on the internet and with whom a user communicates. It is often used by, for example, human-rights workers to communicate with journalists, and many who use Tor have believed it was an end-to-end encryption tool.

Tor works by using servers donated by volunteers around the world to bounce traffic around en route to its destination. Traffic is encrypted through most of that route, and routed over a random path each time a person uses it.

But Tor has a known weakness: The last node through which traffic passes in the network has to decrypt the communication before delivering it to its final destination. Someone operating that node can see the communication passing through this server.
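To make the exit-node point concrete, the following added example (not from the original article, and not Tor's actual cryptography) models a three-relay circuit with a toy SHA-256 keystream cipher and reports what each relay holds after removing its own layer. The relay names, keys and sample login are constructed; `E2E_KEY` is an assumption standing in for an end-to-end session such as TLS between the client and the mail server.

```python
import hashlib

def xor_layer(key: bytes, data: bytes) -> bytes:
    """Toy stream cipher (illustration only): XOR with a SHA-256 counter keystream.
    The same call adds and removes a layer."""
    stream, counter = b"", 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

# Constructed circuit: each key is shared only between the client and that relay.
RELAY_KEYS = {"guard": b"k-guard", "middle": b"k-middle", "exit": b"k-exit"}
CIRCUIT = ["guard", "middle", "exit"]

def build_onion(payload: bytes) -> bytes:
    """Client wraps the payload once per relay; the exit's layer is innermost."""
    cell = payload
    for relay in reversed(CIRCUIT):
        cell = xor_layer(RELAY_KEYS[relay], cell)
    return cell

def relay_views(payload: bytes) -> dict:
    """Return the bytes each relay holds after removing its own layer."""
    cell, views = build_onion(payload), {}
    for relay in CIRCUIT:
        cell = xor_layer(RELAY_KEYS[relay], cell)
        views[relay] = cell
    return views

def exit_can_read(payload: bytes, secret: bytes) -> bool:
    """True if the secret is visible in what the exit relay forwards."""
    return secret in relay_views(payload)["exit"]

# Constructed sample: a mail login sent in the clear vs. inside an end-to-end layer.
SECRET = b"PASS hunter2"
plain_login = b"USER alice\r\n" + SECRET + b"\r\n"
E2E_KEY = b"client-and-mail-server-only"  # assumption: stands in for a TLS session key
protected_login = xor_layer(E2E_KEY, plain_login)

if __name__ == "__main__":
    for name, msg in (("plaintext protocol", plain_login),
                      ("end-to-end encrypted", protected_login)):
        views = relay_views(msg)
        for relay in CIRCUIT:
            print(f"{name:22} {relay:7} sees secret: {SECRET in views[relay]}")
```

Only the exit relay recovers the original bytes, and it can read the credentials only when the application protocol itself is unencrypted; with the end-to-end layer in place it forwards ciphertext like the other relays.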

~ by Andreas Sigurdsson on September 12, 2007.
