|
Home > Archive > Anonymous Servers > July 2007 > TOR node operators obtaining login credentials?
You are viewing an archived Text-only version of the thread.
To view this thread in it's original format and/or if you want to reply to
this thread please [click here]
| Author |
TOR node operators obtaining login credentials?
|
|
|
| Can a TOR node operator (exit node, or other) obtain the login/
password information of someone using the TOR circuit to login to
Hotmail, Yahoo, Google, etc?
| |
| George Orwell 2007-07-09, 1:13 am |
| BT wrote:
> Can a TOR node operator (exit node, or other) obtain the login/ password
> information of someone using the TOR circuit to login to Hotmail,
> Yahoo, Google, etc?
Of course. They can even launch MITM attacks against SSL encrypted
connections and get that information from a secured channel if you're not
paying attention.
In other words they're no different than any other "node" on any other
Internet connection, which is why you should use SSL/TLS when
transmitting sensitive things like passwords and not turn off the
security settings that notify you about certificate problems or changes.
Just like you should be doing for "normal" Internet usage. ;-)
| |
| Nomen Nescio 2007-07-09, 7:13 am |
| BT <bn_templar@yahoo.com> wrote:
> Can a TOR node operator (exit node, or other) obtain the login/
> password information of someone using the TOR circuit to login to
> Hotmail, Yahoo, Google, etc?
Unless you send them over encrypted HTTPS, the exit node sees the plain
text of your HTTP requests.
| |
| cxvsr214 2007-07-09, 7:13 am |
| BT wrote:
> Can a TOR node operator (exit node, or other) obtain the login/
> password information of someone using the TOR circuit to login to
> Hotmail, Yahoo, Google, etc?
>
great idea! 
|
|
|
|
|