All you Tor Users -- Encrypt your data!

[arsenal]

Not sure if this applies to anyone on here, but if you or anyone you know is using Tor http://en.wikipedia.org/wiki/Tor_(anonymity_network) make sure you encrypt your data.

As one security expert was able to access classified information of people who are using Tor. http://arstechnica.com/news.ars/post...passwords.html

Pretty interesting read if nothing else, for you security and computer geeks out there.

[Bobblehead]

Be sure not to tell anyone, but using Tor is how I get past my company's network filter (which is absolutely ######ed - I can get to Fark, but no links off Fark; I can go to ESPN but not SI; I can go to PVP-Online but not CtrlAltDel-Online). My head of IT knows I do this (I showed him how to do it) but I haven't broken the news to the network admin, he still seems proud of his "bulletproof" system.

[arsenal]

Nice!
I would love to run tor at work, because I hate the filtering they have set up.. but I would probably get fired for it.

[Bobblehead]

And just to clarify for people, this is no worse than ANYPLACE you log in using unencrypted credentials - any wireless cafe, airport hotspot, wherever. All these places can potentially grab unencrypted data.

The difference here is that TOR is often used to anonymize traffic, so people use it thinking they are secure. But since these are routers, people can set up their own nodes (which is encouraged), including the dark side of society, and they now have access to all the data passing through.

Just remember that you are vulnerable. Heck logging into CP your password is unencrypted and could be picked up by a packet sniffer. But will a hacker really care about your CP login? Probably not, but there are probably other sites that don't have security set up correctly, that is the real crux of the issue the analyst was trying to bring to light.
(Banks do it correctly - if you notice when you log on to a bank site the URL starts https: )

[Azure]

How is it any different from a proxy site?

And can it possibly be monitered by the network admin?

[Azure]

Quote:

Originally Posted by arsenal

Nice!
I would love to run tor at work, because I hate the filtering they have set up.. but I would probably get fired for it.

Another question....I was running Tor today on my network, and I noticed my Sonicwall did NOTHING to pick up the traffic or the bandwith I used with Tor.

As soon as I disabled it...everything worked again.

So is it possible that the network admin wouldn't even see what you're doing? Unless they check as to what you have installed on your computer...I would say no.