Educause Security Discussion mailing list archives
Re: this reading could be fun or serious
From: "Pace, Guy" <gpace () CIS CTC EDU>
Date: Tue, 11 Sep 2007 12:28:52 -0700
Hey, Vuong! This also appeared on SANS. Here is a link to the article. http://isc.sans.org/diary.html?storyid=3366 It appears that an ID and password is exposed when using this service when someone is sniffing the unencrypted side of a session. Guy L. Pace, CISSP Security Administrator Center for Information Services (CIS) 3101 Northup Way, Suite 100 Bellevue, WA 98004 425-803-9724 gpace () cis ctc edu -----Original Message----- From: Vuong Phung [mailto:vphung () SCIENCE SJSU EDU] Sent: Tuesday, September 11, 2007 12:24 PM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: [SECURITY] this reading could be fun or serious Hello everyone, I am a sys admin and no security expert. I read this post from Slashdot regarding ToR http://www.derangedsecurity.com/time-to-reveal%E2%80%A6/ I know that sending my username and password via unencrypted channel is a no no, but most poeple use ToR may think that they are annonymous to everything (including their data/password) I am not sure how much true to the post and would like to hear your comments; especially from the security expert and specialist on this list. Thanks! Vuong
Current thread:
- this reading could be fun or serious Vuong Phung (Sep 11)
- <Possible follow-ups>
- Re: this reading could be fun or serious Pace, Guy (Sep 11)
- Re: this reading could be fun or serious Curt Wilson (Sep 11)
- Re: this reading could be fun or serious Jeffrey I. Schiller (Sep 13)