I saw a reference to this article recently. I knew how Tor worked but never really go under the hood of the exit servers. Well apparently some others have and are setting up their own exit servers for nefarious purposes. It seems as though if you setup an exit server you can specify what ports you want to allow through it. By default I believe it will allow any. If I were to setup an exit server and only allow ports 23, 110 and 143, what do you think I would be able to see? Passwords. To top it off it looks like anyone can setup their own exit server.
Brilliant.
The moral of the story…unencrypted logins will get you into trouble.
–Chris
Technorati Tags: Tor, logons, exit server
