Bugtraq mailing list archives
Re: 'cross site scripting' CERT advisory and MS
From: Alexander.Schreiber () INFORMATIK TU-CHEMNITZ DE (Alexander Schreiber)
Date: Fri, 18 Feb 2000 13:46:41 +0100
On Thu, 17 Feb 2000 flynngn () JMU EDU wrote:
> David LeBlanc wrote:
> > What I recommend specifically for using Outlook (probably also applies to other mail readers using IE as a HTML viewer) is:
> > 1) Set it to run in the Restricted Sites zone
> > 2) Edit the Restricted Sites zone into what I call maximum paranoia mode - turn EVERYTHING off. IIRC, cookies are off to begin with, but this gets them turned off for sure.
>
> Wouldn't it be better to set the Internet zone for high security and then set the browser to use the Internet zone? The restricted zone requires entering the list of untrusted systems while the Internet zone says
Sorry - but having to specify the list of _untrusted_ systems for a restricted zone sounds broken to me - this means that by default you trust everybody, unless specified otherwise. I think the other way around (i.e. giving a list of _trusted_ systems) is the correct way to go. Or am I horribly mistaken here?

Regards,
Alex.
--
EMail : als () thangorodrim de | WWW : http://www.thangorodrim.de/
If privacy is outlawed, only outlaws will have privacy. (Philip Zimmerman, author of PGP)
Ceterum censeo Parva Mollia esse delendam.