Bugtraq mailing list archives
Re: More Internet Explorer zone confusion
From: signal11 () MEDIAONE NET (iversen)
Date: Mon, 8 Mar 1999 11:07:19 -0600
Oliver Lineham wrote:
- New TLDs. Internic goes and adds a .web or .store or something that didn't exist when the browser was released. I'm sure all the e-commerce sites on .store would love their servers being considered "Local Intranet Sites"! If this is how the zones are implemented, then its insane. If not, then IE's claim of being able to distinguish intranet sites from internet ones is an outright lie and the "feature" should be removed.
This seems to be trivial to resolve - put everything in the internet zone unless it matches a list containing the local intranets. Then do reverse-dns of everything that's allegedly inside the intranet and make sure everything matches up. It isn't a perfect solution, but it would make it substantially harder to fake a remote site as local. You also get the added benefit of not needing to worry about how IE resolves domains/ip addresses. -- signal11 () mediaone net | BOFH, Malign networks I'll give you the TCO of Linux as soon as my calculator stops saying "divide by zero error."
Current thread:
- Re: More Internet Explorer zone confusion Oliver Lineham (Mar 08)
- <Possible follow-ups>
- Re: More Internet Explorer zone confusion iversen (Mar 08)
- WinFreez.c Delmore (Mar 05)
- The FPSC-IRCD.txt advisory syg FPSC (Mar 07)
- Digital Unix 4 protected password database. James Clement (Mar 08)
- Re: Digital Unix 4 protected password database. Chris Johnson (Mar 09)
- Re: Digital Unix 4 protected password database. Jon Morgan (Mar 10)
- Re: Digital Unix 4 protected password database. Alec Muffett (Mar 10)
- Re: Digital Unix 4 protected password database. Keith Piepho (Mar 10)
- Re: Digital Unix 4 protected password database. Solar Designer (Mar 13)
- Default password in Bay Networks switches. Jan B. Koum (Mar 10)
- Re: Default password in Bay Networks switches. Dax Kelson (Mar 10)