Suggestion: Advise Tor users to use https://

General discussion re sg.

Suggestion: Advise Tor users to use https://

Postby Paranoid2000 » Wed Jun 30, 2010 3:12 pm

Scroogle (who offer a search scraping service off Google) have recently started redirecting accesses from known Tor nodes to their SSL pages in order to prevent rogue exit node operators from eavesdropping on search terms.

This did strike me as being somewhat overzealous (without some way of linking page access to a real person, such eavesdropping would serve no purpose) but it would seem more fitting for Spamgourmet to provide a similar warning.

Otherwise, a fraudster running a Tor exit node and examining traffic could obtain an SG user's password and then use it to redirect their email to an account under the fraudster's control (which could then be used to access private info including password details for other sites). Using Spamgourmet's https: login page should avoid this (with the possible exception of SSL certificate spoofing which should trigger a browser warning).
Paranoid2000
 
Posts: 71
Joined: Wed Dec 15, 2004 10:48 am

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 15 guests

cron