Several readers wrote in to inform us that Swedish security researcher Dan Egerstad has revealed how he collected 100 passwords from embassies and governments worldwide, without hacking into anything: he sniffed Tor exit routers. Both Ars and heise have writeups on Egerstad's blog post, but neither adds much to the original. It's not news that unencrypted traffic exits the Tor network unencrypted, but Egerstad correctly perceived, and called attention to, the lack of appreciation for this fact in organizations worldwide.