[tor-relays] new relays
mick
mbm at rlogin.net
Wed Aug 28 11:10:05 UTC 2013
On Wed, 28 Aug 2013 07:22:16 +0200
Andreas Krey <a.krey at gmx.de> allegedly wrote:
> On Tue, 27 Aug 2013 23:12:01 +0000, Tor Exit wrote:
> > GET /index.php?file=../../../../../../../etc/passwd
> >
> > Why not employ similar techniques on a Tor exit? We can be 100%
> > sure about the malicious intent.
>
> No, you can't be sure. That request could quite well be totally
> legitimate; you are not in a position to judge for the site owner.
>
Absolutely true. I could be using tor to test my own website's security
mechanisms. In fact, I /have/ used tor to test my own websites......
Best
Mick
---------------------------------------------------------------------
Mick Morgan
gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312
http://baldric.net
---------------------------------------------------------------------
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.torproject.org/pipermail/tor-relays/attachments/20130828/2d3e56de/attachment.sig>
More information about the tor-relays
mailing list