Comment on [Tor Project] Code audit for the Tor Project completed by Radically Open Security
db2@lemmy.world 11 months ago
and following redirects in HTTP clients by default
So to be more secure a site can go to a different site via redirect… that doesn’t seem like a super great idea.
deur@feddit.nl 11 months ago
The summary incorrectly describes what’s happening, sadly. From the report, HTTP redirects being default is an attack surface they identified as needing a solution, not a suggested action.
db2@lemmy.world 11 months ago
That’s much more reassuring. It really didn’t make sense. 😆