TOR node operators obtaining login credentials?
Web Server forum
Back To The Forum Home!Search!Private Messaging System
Visit your User Control Panel!Register your FREE username now!Visit Our Calendar!View the Member List!Faqs!Search our Forums!

Web Server Talk Web Server Talk > WebserverTalk Community > Anonymous Servers > TOR node operators obtaining login credentials?




  Last Thread   Next Thread Next
  Show Printable Version Email this Page Subscribe to this Thread      Post New Thread    Post A Reply      

    TOR node operators obtaining login credentials?  
BT


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
07-09-07 12:13 AM

Can a TOR node operator (exit node, or other) obtain the login/
password information of someone using the TOR  circuit to login to
Hotmail, Yahoo, Google, etc?




[ Post a follow-up to this message ]



    Re: TOR node operators obtaining login credentials?  
George Orwell


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
07-09-07 06:13 AM

BT wrote:

> Can a TOR node operator (exit node, or other) obtain the login/ password
> information of someone using the TOR  circuit to login to Hotmail,
> Yahoo, Google, etc?

Of course. They can even launch MITM attacks against SSL encrypted
connections and get that information from a secured channel if you're not
paying attention.

In other words they're no different than any other "node" on any other
Internet connection, which is why you should use SSL/TLS when
transmitting sensitive things like passwords and not turn off the
security settings that notify you about certificate problems or changes.

Just like you should be doing for "normal" Internet usage. ;-)




[ Post a follow-up to this message ]



    Re: TOR node operators obtaining login credentials?  
Nomen Nescio


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
07-09-07 12:13 PM

BT <bn_templar@yahoo.com> wrote:

> Can a TOR node operator (exit node, or other) obtain the login/
> password information of someone using the TOR  circuit to login to
> Hotmail, Yahoo, Google, etc?

Unless you send them over encrypted HTTPS, the exit node sees the plain
text of your HTTP requests.




[ Post a follow-up to this message ]



    Re: TOR node operators obtaining login credentials?  
cxvsr214


View Ip Address Report This Message To A Moderator Edit/Delete Message


 
07-09-07 12:13 PM

BT wrote:
> Can a TOR node operator (exit node, or other) obtain the login/
> password information of someone using the TOR  circuit to login to
> Hotmail, Yahoo, Google, etc?
>
great idea!




[ Post a follow-up to this message ]



    Sponsored Links  




 



   All times are GMT. The time now is 08:52 AM.      Post New Thread    Post A Reply      
  Last Thread   Next Thread Next


Most Popular forums 
Apache Server MySQL for Windows Sendmail
Red Hat Networking SuSe Linux Debian Linux
FreeBSD administration Sun Solaris administration Unix Shell programming
WebSphere Portal Server Exchange 2000 administration PostgreSQL administration
Linux Security Computer Security Firewalls

Forum Jump:
Rate This Thread:

Forum Rules:
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts 		HTML code is OFF
vB code is ON
Smilies are ON
[IMG] code is OFF
 
Medical and Health forum | Computer Games Reviews | Graphics design forum

Back To The Top
Home | Usercp | Faq | Register