Eavesdropping on Tor traffic

Posted Sep 14, 2007 11:39 UTC (Fri) by rloomans (guest, #759)
In reply to: Eavesdropping on Tor traffic by jordanb
Parent article: Eavesdropping on Tor traffic

> Although you'd think that if they were sophisticated enough to do that they'd
> go the last five feet and make sure the employee was using an SSL connection.

That for me is the most striking point.

After that for HTTPS, SSL and TLS support in mail protocols is the best supported and implemented. Even Outlook does it tolerably well. What were the mail server *administrators* doing allowing unsecured connections?

I work for a small, admittedly fairly internet savy, company and we don't even allow unsecured IMAP on our office network, and definitely not over the open internet.

On the other hand, if they were using webmail.....