[FDE] Tor is an Anonymizer NOT a VPN

djevans at ironkey.com djevans at ironkey.com
Tue Sep 25 09:48:52 MDT 2007 

There a bit of truth to both views.  Tor does encrypt traffic from the user's computer through to the exit node.  Thus is appears as an SSL vpn for TCP traffic to all observers between the user and the exit node.

What Dan did was setup malicious exit nodes "mal-nodes" to sniff on the traffic exiting those nodes.  People we logging into webmail on unencrypted channels.

Theoretically you could create an end-to-end encrypted tunnel using tor by running an exit node inside your network and selecting your exit node to be that node.

-----Original Message-----
From: "Ali, Saqib" <docbook.xml at gmail.com>

Date: Tue, 25 Sep 2007 08:15:14 
To:FDE at www.xml-dev.com
Subject: [FDE] Tor is an Anonymizer NOT a VPN


Wired is reporting on how many folks mistake TOR for an end-to-end
encryption channel. TOR is merely an anonymizer. Freelance security
researcher Dan Egerstad discovered that any were using TOR to send
confidential information.

>From the article <
http://www.wired.com/politics/security/news/2007/09/embassy_hacks >:
Among the data he (Dan Egerstad) initially collected was e-mail from
an Australian embassy worker with the subject line referring to an
"Australian military plan."

Under Tor's architecture, administrators at the entry point can
identify the user's IP address, but can't read the content of the
user's correspondence or know its final destination. Each node in the
network thereafter only knows the node from which it received the
traffic, and it peels off a layer of encryption to reveal the next
node to which it must forward the connection. (Tor stands for "The
Onion Router.")

But Tor has a known weakness: The last node through which traffic
passes in the network has to decrypt the communication before
delivering it to its final destination. Someone operating that node
can see the communication passing through this server.


Read more at:
http://www.wired.com/politics/security/news/2007/09/embassy_hacks
_______________________________________________
FDE mailing list
FDE at www.xml-dev.com
http://www.xml-dev.com/mailman/listinfo/fde

More information about the FDE mailing list