Vulnerability Development mailing list archives
Re: Winnt/Win2k Vuln ?
From: Ben Ford <bford () erisksecurity com>
Date: Fri, 10 Aug 2001 15:04:57 -0700
David Schwartz wrote:
Think that is scary? I cannot state about the current browser, but previous versions bypassed a lot of the NT security features. Happens when the browser is made an integral part of the OS - but for legal reasons and with apparently little concerns to security ones.

I would say the reverse would be more of a security problem. You'd prefer that somebody could create a web site with the same name as one of your files and when you ask for the file, you get the web site? If you care about security, enter fully-qualified URLs, don't use abbreviations. Any scheme to accept abbreviations will sometimes fail to get you what you want.

For example, what will your browser do if you just type in "ftp.mydomain.com"? Will it take it as "http://ftp.mydomain.com"? Or will it take it as "http://ftp.mydomaincom"? If you don't know and understand the rules for expanding abbreviations, don't use abbreviations. I only wish you could disable them. Both IE and Netscape have done things I didn't expect more than once.

DS
The browser should not be the file manager. That is all there is to it.

-b

--
Fly Windows NT: All the passengers carry their seats out onto the tarmac, placing the chairs in the outline of a plane. They all sit down, flap their arms and make jet swooshing sounds as if they are flying.