[LINK] hack of the year
Jan Whitaker
jwhit at janwhitaker.com
Wed Nov 14 15:27:30 AEDT 2007
http://www.theage.com.au/articles/2007/11/12/1194766589522.html
The hack of the year
November 13, 2007
Next
A Swedish hacker tells how he infiltrated a global communications
network used by scores of embassies over the world, using tools
freely available on the internet.
In August, Swedish hacker Dan Egerstad gained access to sensitive
embassy, NGO and corporate email accounts. Were they captured from
the clutches of hackers? Or were they being used by spies? Patrick
Gray investigates the most sensational hack of 2007.
[snip]
The problem, says Vitaliev, is some Tor users assume their data is
protected from end to end. "As in pretty much any other internet
technology, its vulnerabilities are not well understood by those who
use it (and) need it most," he says.
The discovery that sensitive, government emails were passing through
Tor exit nodes as unencrypted, readable data was only mildly
surprising to Egerstad. It made sense - because Tor documentation
mentions "encryption", many users assume they're safe from all
snooping, he says.
"People think they're protected just because they use Tor. Not only
do they think it's encrypted, but they also think 'no one can find
me'," Egerstad says. "But if you've configured your computer wrong,
which probably more than 50 per cent of the people using Tor have,
you can still find the person (on) the other side."
Initially it seemed that government, embassy, NGO and corporate
staffers were using Tor but had misconfigured their systems, allowing
Egerstad to sniff sensitive information off the wire. After Egerstad
posted the passwords, blame for the embarrassing breach was initially
placed on the owners of the passwords he had intercepted.
[snip]
Jan Whitaker
JLWhitaker Associates, Melbourne Victoria
jwhit at janwhitaker.com
business: http://www.janwhitaker.com
personal: http://www.janwhitaker.com/personal/
commentary: http://janwhitaker.com/jansblog/
Living, like writing, requires no wisdom. Only revising does. - Jim
Sollisch, Sept, 2007
'Seed planting is often the most important step. Without the seed,
there is no plant.' - JW, April 2005
_ __________________ _
More information about the Link
mailing list