[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: "cracks" via tor



jeff wrote:
I just got a complaint from someone who said one of my servers (running a tor daemon) had a "hacker" on it trying to break into his website. He sent me some log entries, which had some pretty tame "foo.pl?user=bill" type of hits.

While this doesn't look like the crack of the century, it does pose an interesting question in that if someone is trying to do web exploits via tor, how can such a thing be prevented? I can't think of any way.

Could this have some dodgy legal implications for people running tor servers? I'm sure EFF has something to say about this. ;)

Thanks,

-Jeff

P.S. Fedora Core 3 tor RPMs @ ftp://ftp.blagblagblag.org/pub/BLAG/linux/30000/en/os/i386/BLAG/RPMS/

I have discussed this issue with one of the leading IT lawyers in Denmark. He said that according to the danish law (and most European laws) the only legal issue you could face by running a tor server is if the law require you to log which traffic you pass trough the server. There is such a law in Denmark but it only affects companies, not private persons or organisations.


He also said that you might compare the situation with a situation where you lend someone you phone and they commit a crime with it. In that situation you would not (by danish or most european laws) be held responsible for the crime the third party committed with your phone.

--
Simon Østengaard
GCUX, LPIC-2
simon@xxxxxxxxxxxxx

 It is a book about a Spanish guy called Manual. You should read it.
       -- Dilbert