Re: Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70

[Mikael Olsson <mikael.olsson () clavister com>]

Jim Paris wrote:
> Have you actually tried this?

I believe the question is: have _you_ actually tried this?

> On all versions I've tried and from what I've read elsewhere on the
> Net, MSIE doesn't work at all with gopher ports other than 70.

It works just fine. That is: the _first_ connection works just fine.
What _doesn't_ work is clicking around inside a gopher site on a non-
standard port, since after the first connection, MSIE promptly forgets 
about the port number we gave it in the original URL, and connects to 
port 70.

However, all an attacker needs is that first connection. :/

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com