Securing a Web Hidden Service
x0rz
2521

Listening to “localhost” is kinda-okay because it is better than the threat as-described; however it opens up whole new vistas of threats associated with web software (especially Apache-related) which “trusts” localhost.

See this thread for details: https://twitter.com/AlecMuffett/status/922924914893398017

See this article for explanation:

See this Github document for how to avoid this problem:

https://github.com/alecmuffett/the-onion-diaries/blob/master/basic-production-onion-server.md

One clap, two clap, three clap, forty?

By clapping more or less, you can signal to us which stories really stand out.