Full Disclosure mailing list archives

Re: Interesting side effect of the new IE patch

From: Dave Sherohman <esper () sherohman org>
Date: Fri, 6 Feb 2004 13:57:33 -0600

On Fri, Feb 06, 2004 at 07:28:18PM +0100, Stefan Esser wrote:

a) people write passwords into their URLs  (valid point)
   (but if they cannot write it into URLs they will store it into
   IE password remembering function or attach some notes to their
   monitor, so removing this feature has NOT improved security)


Yes it has.  The contents of MSIE's rembering function and even notes
on the monitor are not sent over the public internet in cleartext or
recorded in server access (or, worse, referer, if the browser is
sufficiently simple-minded) logs.

It hasn't completely fixed security, but it has improved the
situation somewhat.

-- 
The freedoms that we enjoy presently are the most important victories of the
White Hats over the past several millennia, and it is vitally important that
we don't give them up now, only because we are frightened.
  - Eolake Stobblehouse (http://stobblehouse.com/text/battle.html)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

Re: Interesting side effect of the new IE patch, (continued)
- - - Re: Interesting side effect of the new IE patch Szilveszter Adam (Feb 06)
    - Re: Interesting side effect of the new IE patch BlueRaven (Feb 06)
    - Re: Interesting side effect of the new IE patch Byron Copeland (Feb 06)
    - RE: Interesting side effect of the new IE patch Bill Royds (Feb 05)
    - Re: Interesting side effect of the new IE patch Stefan Esser (Feb 06)
    - Re: Interesting side effect of the new IE patch Valdis . Kletnieks (Feb 06)
    - Message not available
    - Re: Interesting side effect of the new IE patch Stefan Esser (Feb 06)
    - RE: Interesting side effect of the new IE patch Bill Royds (Feb 06)
    - Re: Interesting side effect of the new IE patch Nick FitzGerald (Feb 05)
    - Re: Interesting side effect of the new IE patch Stefan Esser (Feb 06)
    - Re: Interesting side effect of the new IE patch Dave Sherohman (Feb 06)
    - Re: Interesting side effect of the new IE patch Valdis . Kletnieks (Feb 06)
    - Re: Interesting side effect of the new IE patch Stefan Esser (Feb 06)
    - Re: Interesting side effect of the new IE patch Szilveszter Adam (Feb 06)
    - Re: Interesting side effect of the new IE patch Martin Peikert (Feb 06)
  - Re: Interesting side effect of the new IE patch Nick FitzGerald (Feb 05)
- RE: Interesting side effect of the new IE patch Rainer Gerhards (Feb 06)
- Re: Interesting side effect of the new IE patch DAN MORRILL (Feb 06)
- RE: Interesting side effect of the new IE patch Jerry Heidtke (Feb 06)