-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 21.01.2014 11:08, Mike Cardwell wrote: > * on the Tue, Jan 21, 2014 at 10:28:29AM +0100, Max Jakob Maass > wrote: > >> Christ. Chrome even allows to connect to other machines in LAN. >> I successfully connected to my Raspberry Pi (only reachable via >> LAN) by changing the IP in the source code from 127.0.0.1 to the >> relevant IP. >> >> So, appearently, Chrome allows you to enumerate the LAN and >> interact with other machines in it. I'll see if there is a bug >> report for that already. >> >> Thanks for the Info, TT Security. > > If you can use XMLHttpRequest to perform a request against a > machine on your LAN that isn't using CORS, and then read the > response, then there is a bug, and you will get a healthily sized > cheque from Google or Mozilla for reporting it to them. If you > can't read the response then there isn't a bug. What you're seeing > is: how the web works.
Well, this happens if you don't have an apache ready to really test this stuff and only use netcat. Thanks for the info, I'll show myself out. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJS3keFXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQ4NEM0ODA5N0EzQUY3RDU1MTg5QTc3QUMx NjlGOTYyNDM0MDg4MjVFAAoJEBafliQ0CIJe+X0P/jU0yAGGoP9tIXjZLk+I2doY PZ7HEbjFJBcglaLD9r9S7wtUV5Y/K54Xo01Z2uMViT0zisJGMurnz4ITmFpc6JiN wVDPRRr83R1lcrX9WQqUVrJgytk56+OsyjsK1vsw/24mpymGjIxvcs2Bjs+ac4tt vG+eLclN5QMfu1wh5Rz63aadGiBqTZfdAXvtYr91WN1w/sfwSZzrPpwmOSBiwSl5 u+1y06UxgTgxWIxKZOzURBzomMoKTVDF7dx/w6rudTkDZIy4u1DYhmlKYp6sYK2G 5kF5YZaXCPEhT32s/yWSs8OGsZGOuY5hpRLi41PLqzczLTufRD98/uWKmDMS63X3 RrrUicYiqY27GR37d7CA5z7of7DlatDDEwY5UaiDxHa/I/6Zdp/k4jwzQl7d8J1i zWIH3oIXopR8U93QHNiGMojjVMf6O6s0kMK+63UI07c7emHSOO8GhqyBfhxEPe+1 Far+5RDCszJAbEp2CFQIANsRZj9Ppbgoy9KKcjJb1YqqiFr4HF+oLmkaOt5o9XOA nhm9de2fjOyZ6VwtFmJTwh+ymvfayTj85TAGi78IXOebf61EBINFnOXnoxSesBBT 33Tj6e2zc5N0V5c6qtHGB99R7Sj5U3Pklf3lDtMyCdJew7pwLm5gr5qEOAwi2d76 ZxGgA14bc5ILPlSVfZ7A =YQ2B -----END PGP SIGNATURE----- -- tor-talk mailing list - [email protected] To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
