Vulnerability Development mailing list archives
RE: Winnt/Win2k Vuln ?
From: "David Schwartz" <davids () webmaster com>
Date: Fri, 10 Aug 2001 12:42:33 -0700
Think that is scary? I cannot state about the current browser, but previous versions bypassed a lot of the NT security features. Happens when the browser is made an integral part of the OS - but for legal reasons and with apparently little concerns to security ones.
I would say the reverse would be more of a security problem. You'd prefer that somebody could create a web site with the same name as one of your files and when you ask for the file, you get the web site? If you care about security, enter fully-qualified URLs, don't use abbreviations. Any scheme to accept abbreviations will sometimes fail to get you what you want. For example, what will your browser do if you just type in "ftp.mydomain.com"? Will it take it as "http://ftp.mydomain.com"? Or will it take it as "http://ftp.mydomaincom"? If you don't know and understand the rules for expanding abbreviations, don't use abbreviations. I only wish you could disable them. Both IE and Netscape have done things I didn't expect more than once. DS
Current thread:
- Re: Winnt/Win2k Vuln ?, (continued)
- Re: Winnt/Win2k Vuln ? Rio Martin. (Aug 10)
- Re: Winnt/Win2k Vuln ? Kevin Gagel (Aug 10)
- Re: Winnt/Win2k Vuln ? Fab Siciliano (Aug 10)
- Re: Winnt/Win2k Vuln ? sween (Aug 10)
- Re: Winnt/Win2k Vuln ? Kevin Gagel (Aug 10)
- Re: Winnt/Win2k Vuln ? J.D. Meek (Aug 10)
- Re: Winnt/Win2k Vuln ? Kaneda Akira (Aug 11)
- Re: Winnt/Win2k Vuln ? Rio Martin. (Aug 10)
- Re:Winnt/Win2k Vuln ? Thiago Campos (Aug 10)
- RE: Winnt/Win2k Vuln ? JKlemenc (Aug 10)
- Re: Winnt/Win2k Vuln ? martin . goudreault (Aug 10)
- Re: Winnt/Win2k Vuln ? Meritt James (Aug 10)
- RE: Winnt/Win2k Vuln ? David Schwartz (Aug 10)
- Re: Winnt/Win2k Vuln ? Meritt James (Aug 10)
- Re: Winnt/Win2k Vuln ? Ben Ford (Aug 10)
- Re: Winnt/Win2k Vuln ? Kevin Gagel (Aug 10)
- Re: Winnt/Win2k Vuln ? Meritt James (Aug 10)
- RE: Winnt/Win2k Vuln ? David Schwartz (Aug 11)
- RE: Winnt/Win2k Vuln ? Louis-Eric Simard (Aug 12)
- RE: Winnt/Win2k Vuln ? David Schwartz (Aug 12)
- RE: Winnt/Win2k Vuln ? Louis-Eric Simard (Aug 12)