* on the Tue, Jan 21, 2014 at 10:28:29AM +0100, Max Jakob Maass wrote: > Christ. Chrome even allows to connect to other machines in LAN. I > successfully connected to my Raspberry Pi (only reachable via LAN) by > changing the IP in the source code from 127.0.0.1 to the relevant IP. > > So, appearently, Chrome allows you to enumerate the LAN and interact > with other machines in it. I'll see if there is a bug report for that > already. > > Thanks for the Info, TT Security. If you can use XMLHttpRequest to perform a request against a machine on your LAN that isn't using CORS, and then read the response, then there is a bug, and you will get a healthily sized cheque from Google or Mozilla for reporting it to them. If you can't read the response then there isn't a bug. What you're seeing is: how the web works. -- Mike Cardwell https://grepular.com/ http://cardwellit.com/ OpenPGP Key 35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F XMPP OTR Key 8924 B06A 7917 AAF3 DBB1 BF1B 295C 3C78 3EF1 46B4
Attachment:
signature.asc
Description: Digital signature
-- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk