Tag Archive for 'Anonymisierung'

Torheit von Torbenutzern

Stephan Schmieder, von H Zero Seven, betreibt einen Tor-Endknoten. Völlig unerwartet kann man dort Benutzernamen und Passwörter mitsniffen, wenn die Verbindung zwischen Client und Server nicht verschlüsselt wird.

Hi there,

we recognized that people paranoid enough to use tor
are still dumb enough to use plaintext-authentication protocols like pop3 and telnet.
They might think it’s “secure because tor encrypts it”.
This isn’t the case.

it’s encrypted, but …
… communication from client to entry node and exit node to server will still remain as is.
Pop3, telnet and others will still be plain-text and thus subject to sniffing.

Links extern:
unixgu.ru :: tor
H Zero Seven | Unix/OSS Development & Research Team since 1999