[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]
Re: "cracks" via tor
jeff wrote:
I just got a complaint from someone who said one of my servers
(running a tor daemon) had a "hacker" on it trying to break
into his website. He sent me some log entries, which had some
pretty tame "foo.pl?user=bill" type of hits.
While this doesn't look like the crack of the century, it does
pose an interesting question in that if someone is trying to do
web exploits via tor, how can such a thing be prevented? I
can't think of any way.
Could this have some dodgy legal implications for people running
tor servers? I'm sure EFF has something to say about this. ;)
Thanks,
-Jeff
P.S. Fedora Core 3 tor RPMs @
ftp://ftp.blagblagblag.org/pub/BLAG/linux/30000/en/os/i386/BLAG/RPMS/
I have discussed this issue with one of the leading IT lawyers in
Denmark. He said that according to the danish law (and most European
laws) the only legal issue you could face by running a tor server is if
the law require you to log which traffic you pass trough the server.
There is such a law in Denmark but it only affects companies, not
private persons or organisations.
He also said that you might compare the situation with a situation where
you lend someone you phone and they commit a crime with it. In that
situation you would not (by danish or most european laws) be held
responsible for the crime the third party committed with your phone.
--
Simon Østengaard
GCUX, LPIC-2
simon@xxxxxxxxxxxxx
It is a book about a Spanish guy called Manual. You should read it.
-- Dilbert