[tor-talk] "Safeplug"

mick mbm at rlogin.net
Tue Nov 26 12:57:44 UTC 2013


On Tue, 26 Nov 2013 10:54:58 +0000
Mike Cardwell <tor at lists.grepular.com> allegedly wrote:

> If I, as a random geek, wanted to mess around with MITM attacks to see
> what information I could steal, I have a few options: I could do it
> on my LAN at home, targetting friends and family. I could do it at
> work and risk my job. I could go to somewhere with an open wifi hot
> spot and target a couple of coffee drinkers reading the news. Or I
> could spend a couple of minutes setting up a Tor exit node from the
> comfort of my office, getting sustained access to the traffic of
> thousands of strangers all over the World. This is why I think
> malicious Tor Exit nodes are widespread: Because setting them up is
> easy, attractive and safe.
> 

Agreed. One simple and excellent example would be Dan Egerstad's
interception of POP/IMAP UID/passwds back in 2007. That just happens to
be public knowledge. Much else probably goes on, but is not public
knowledge.

As Egerstad reportedly said at the time:

For example, several Tor nodes in the Washington, D.C., area can handle
up to 10TB of data a month, a flow of data that would cost at least
$5,000 a month to run, and is likely way out the range of volunteers
who run a node on their own money, Egerstad said.

"Who would pay for that?" Egerstad said.

http://www.infoworld.com/d/security-central/security-researcher-intercepts-embassy-passwords-tor-148


Mick
 
---------------------------------------------------------------------

 Mick Morgan
 gpg fingerprint: FC23 3338 F664 5E66 876B  72C0 0A1F E60B 5BAD D312
 http://baldric.net

---------------------------------------------------------------------

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-talk/attachments/20131126/9a8a58e8/attachment.sig>


More information about the tor-talk mailing list