Security Researcher Intercepts Embassy Passwords From Tor
Jeremy Kirk writes on InfoWorld:
A security researcher who collected thousands of sensitive e-mails and passwords from the embassies of countries such as Russia and India blamed systems administrators on Monday for not using encryption to shield their traffic from snooping.More here.
Dan Egerstad, a 21-year-old security researcher, revealed on Monday he was able to capture the information by setting up his own node in a peer-to-peer network used by the embassies to make their Internet traffic anonymous.
The embassies relied on a volunteer network of servers using software called Tor (The Onion Router) to hide their Internet traffic and make it anonymous. Traffic sent through a Tor node is transmitted through a randomly selected series of other Tor nodes before exiting the network for its intended destination, so as to disguise the source and destination of the traffic.
But although traffic between nodes in a Tor network is encrypted by default, traffic entering and exiting the system is not, so anyone wanting to hide not only who are they are communicating with, but what they are saying, must apply an extra layer of encryption themselves. Embassies and companies neglected to do this, which left their information open for Egerstad to collect.
0 Comments:
Post a Comment
<< Home