Full Disclosure mailing list archives
Re: Microsoft's fix for URL containing username:password@ obfuscation
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 29 Jan 2004 12:48:49 +1300
Cael Abal <lists () onryou com> wrote:
Please tell me you don't do a lot of web browsing from your server. IE being required on a Windows server (for SUS management, etc.) is one of my pet peeves -- but folks who browse the internet from their server actively freak me out. (This isn't directed specifically at you, Zach, but to people who play Russian roulette logged in as a domain admin.)
Indeed. The non-removal of the "client-software integrating" parts of IE from Windows Server 2003 is one measure of just how much the "Trusted Computing Iniative" was hot-air over substance. Not providing the possibility of removing stupid network client access tools that are "an integral part of the OS", or at least allowing their absolute separation to "genuinely safe" user groups, shows how much important folk at MS stilll "just don't get security". Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Microsoft's fix for URL containing username:password@ obfuscation Zach Forsyth (Jan 27)
- Re: Microsoft's fix for URL containing username:password@ obfuscation George Capehart (Jan 27)
- Re: Microsoft's fix for URL containing username:password@ obfuscation Thomas Frenzel (Jan 27)
- <Possible follow-ups>
- Microsoft's fix for URL containing username:password@ obfuscation Bobby Brown (Jan 27)
- Re: Microsoft's fix for URL containing username:password@ obfuscation Daniel . Capo (Jan 28)
- RE: Microsoft's fix for URL containing username:password@ obfuscation Zach Forsyth (Jan 27)
- Re: Microsoft's fix for URL containing username:password@ obfuscation Cael Abal (Jan 28)
- Re: Microsoft's fix for URL containing username:password@ obfuscation Nick FitzGerald (Jan 28)
- RE: Microsoft's fix for URL containing username:password@ obfuscation Kenton Smith (Jan 28)
- RE: Microsoft's fix for URL containing username:password@ obfuscation Ron DuFresne (Jan 28)
- Re: Microsoft's fix for URL containing username:password@ obfuscation Cael Abal (Jan 28)