Bugtraq mailing list archives
Re: More Internet Explorer zone confusion
From: dave () TECHNOPAGAN ORG (David E. Smith)
Date: Mon, 8 Mar 1999 09:06:23 +0000
On Fri, 5 Mar 1999, Jim Paris wrote about the Local Intranet Zone.

All the comments made are, technically, correct, but Microsoft could have at least tried. None of these are foolproof, but they're a start.

* Be paranoid about entries in the hosts file. Arguably, hosts files are obsolete, thanks to DNS. (No, I won't make the argument.)
* Warning dialog boxes for the above, and maybe for anything where the TLD is guessed at. (The http://microsoft/ example. Just warn the user that the requested site was guessed, give some sane options like `Go there, treat it as Internet', `Go there, treat it as local', `Don't go there', and so on.)
* Anything that doesn't resolve to a designated local zone (10.*.*.*, and the other reserved addresses) gets the same warning.

Or, just change the default behaviour on all those to treat the site as Internet rather than intranet. Probably easier that way, though a bit more troublesome for the user, especially when we guess wrong.

Care to take bets on whether anything even remotely like this is ever done?

...dave
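The checks proposed in the message above, written out in Python as an added example that is not part of the original post and is not browser code. The function name, the `from_hosts_file` and `strict` parameters, and the sample hosts and addresses are assumptions; "the other reserved addresses" is taken here to mean the RFC 1918 private ranges.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumption: "10.*.*.* and the other reserved addresses" = RFC 1918 ranges.
LOCAL_NETS = [ipaddress.ip_network(n)
              for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_zone(url, resolved_ip, from_hosts_file=False, strict=False):
    """Return 'internet', 'intranet' or 'warn' for a URL.

    resolved_ip is the address the name resolved to; from_hosts_file says
    whether that answer came from the hosts file rather than DNS. Both are
    supplied by the caller (a hypothetical resolver hook).
    strict=True applies the alternative from the message: never prompt,
    treat every doubtful case as Internet.
    """
    host = urlsplit(url).hostname or ""
    # Names with a dot (and empty hosts) never qualify for the local zone.
    if not host or "." in host:
        return "internet"

    # Dotless name: the domain was guessed, so check where it really points.
    addr = ipaddress.ip_address(resolved_ip)
    is_local = any(addr in net for net in LOCAL_NETS)

    # Local only if it resolves to a reserved range and the answer did not
    # come from the hosts file, which the message says to distrust.
    if is_local and not from_hosts_file:
        return "intranet"
    return "internet" if strict else "warn"


if __name__ == "__main__":
    # Constructed samples; 203.0.113.10 is a documentation address.
    samples = [
        ("http://microsoft/", "203.0.113.10", False),
        ("http://fileserver/", "10.1.2.3", False),
        ("http://fileserver/", "10.1.2.3", True),
        ("http://www.example.com/", "10.1.2.3", False),
    ]
    for url, ip, hosts in samples:
        print(url, ip, "hosts-file" if hosts else "dns",
              "->", classify_zone(url, ip, hosts))
```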