Wired is reporting on how many folks mistake TOR for an end-to-end encryption channel. TOR is merely an anonymizer. Freelance security researcher Dan Egerstad discovered that any were using TOR to send confidential information.
>From the article < http://www.wired.com/politics/security/news/2007/09/embassy_hacks >: Among the data he (Dan Egerstad) initially collected was e-mail from an Australian embassy worker with the subject line referring to an "Australian military plan." Under Tor's architecture, administrators at the entry point can identify the user's IP address, but can't read the content of the user's correspondence or know its final destination. Each node in the network thereafter only knows the node from which it received the traffic, and it peels off a layer of encryption to reveal the next node to which it must forward the connection. (Tor stands for "The Onion Router.") But Tor has a known weakness: The last node through which traffic passes in the network has to decrypt the communication before delivering it to its final destination. Someone operating that node can see the communication passing through this server. Read more at: http://www.wired.com/politics/security/news/2007/09/embassy_hacks _______________________________________________ FDE mailing list [email protected] http://www.xml-dev.com/mailman/listinfo/fde
