
missed opportunities
can we get a link to the report/source article?
1) code injection to a hacker's system.
    possible id? forward to authorities? pipe all his interwebs through "upside-down-ternet"? Yes, the legalities would be questionable, but the researchers have already crossed a very definite line by running code on the remote (skiddie) system
2) assumption that miscreant isn't using a proxy?
    I know that Tor cites javascript as being unsafe, but having *all* traffic going through a transparent proxy would make it safer... however, I do see that the kind of people who enable javascript by default are definitely the "low hanging fruit" in such cases (or maybe it's enabled because it appears to be coming from a trusted source?).
3) I'd be interested to know whether the info leak was from an HTTP header, as these can be forged (Opera uses this legitimately to stop sites claiming they are incompatible)
4) erm, perhaps this should be 1): isn't executing code in a log file a pretty serious vuln?
    see also 2) ("low hanging fruit")
darn it, stream of consciousness post!!!one