Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Joan Battaglia
October 26, 2007, 12:57 pm
rate this thread
I read this article where, apparently
- government personnel used insecure passwords
- hackers (presumably not using Tor) guessed their passwords
- those hackers (now using Tor for anonymity) constantly read their email
- the security expert set up 5 rogue Tor servers to intercept passwords
- he wrongly concluded at first the governments were using Tor
- he complained to the governments who ignored it (they weren't using Tor)
- he published their government login and passwords to get their attention
- he then realized the hackers were the ones using Tor
- in the end - it was the same result - Tor exposes passwords
He concluded people need https to protect their password from Tor servers
But, did I hear you say even https exposes your password to the Tor server?