"cracks" via tor

Simon Østengaard simon at ostengaard.dk
Wed Mar 2 12:04:54 UTC 2005


jeff wrote:
> I just got a complaint from someone who said one of my servers 
> (running a tor daemon) had a "hacker" on it trying to break 
> into his website. He sent me some log entries, which had some 
> pretty tame "foo.pl?user=bill" type of hits.
> 
> While this doesn't look like the crack of the century, it does 
> pose an interesting question in that if someone is trying to do 
> web exploits via tor, how can such a thing be prevented? I 
> can't think of any way.
> 
> Could this have some dodgy legal implications for people running 
> tor servers? I'm sure EFF has something to say about this. ;)
> 
> Thanks,
> 
> -Jeff
> 
> P.S. Fedora Core 3 tor RPMs @ 
> ftp://ftp.blagblagblag.org/pub/BLAG/linux/30000/en/os/i386/BLAG/RPMS/

I have discussed this issue with one of the leading IT lawyers in 
Denmark. He said that according to the danish law (and most European 
laws) the only legal issue you could face by running a tor server is if 
the law require you to log which traffic you pass trough the server. 
There is such a law in Denmark but it only affects companies, not 
private persons or organisations.

He also said that you might compare the situation with a situation where 
you lend someone you phone and they commit a crime with it. In that 
situation you would not (by danish or most european laws) be held 
responsible for the crime the third party committed with your phone.

-- 
Simon Østengaard
GCUX, LPIC-2
simon at ostengaard.dk

  It is a book about a Spanish guy called Manual. You should read it.
        -- Dilbert



More information about the tor-talk mailing list