Educause Security Discussion mailing list archives

Re: this reading could be fun or serious


From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Tue, 11 Sep 2007 12:28:52 -0700

Hey, Vuong! This also appeared on SANS. Here is a link to the article.

http://isc.sans.org/diary.html?storyid=3366

It appears that an ID and password are exposed when using this service
when someone is sniffing the unencrypted side of a session.


Guy L. Pace, CISSP
Security Administrator
Center for Information Services (CIS)
3101 Northup Way, Suite 100
Bellevue, WA 98004
425-803-9724

gpace () cis ctc edu


-----Original Message-----
From: Vuong Phung [mailto:vphung () SCIENCE SJSU EDU] 
Sent: Tuesday, September 11, 2007 12:24 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: [SECURITY] this reading could be fun or serious

Hello everyone,

I am a sys admin and no security expert. I read this post from Slashdot
regarding Tor:

http://www.derangedsecurity.com/time-to-reveal%E2%80%A6/

I know that sending my username and password via an unencrypted channel is
a no-no, but most people who use Tor may think that they are anonymous to
everything (including their data/password).

I am not sure how much truth there is to the post and would like to hear your
comments, especially from the security experts and specialists on this
list.

Thanks!

Vuong
