Full Disclosure mailing list archives
Re: Apparently the practice was prevalent
From: Scott Taylor <security () 303underground com>
Date: Sun, 08 Feb 2004 13:20:39 -0700
Wouldn't it make sense to accept user@pass, but NOT DISPLAY IT on the address bar? so even if someone clicks on a shady link, they don't see http://www.visa.com () crooks com, they only see http://crooks.com on their address bar? And with all those miserable encoded characters translated back to plaintext too. Yeah I know. silly idea. Just too bloody obvious I guess. On Sun, 2004-02-08 at 12:36, Luke Norman wrote:
I'm afraid I disagree. Surely its better to disable by default, but leave it so that it can be turned on if necessary. People argue that windows needs to be shipped with services turned off, but not removed completely - a virus could turn these services on, but that isn't sufficient cause for removing them. It's a user preference, and if I want to be able to enter urls in user:pass@host format, then I should be given the option to do so Luke
-- Scott Taylor - <security () 303underground com> BOFH Excuse #429: Temporal anomaly _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Apparently the practice was prevalent Paul Schmehl (Feb 08)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- Re: Apparently the practice was prevalent Stefan Esser (Feb 08)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- Re: Apparently the practice was prevalent hggdh (Feb 08)
- Re: Apparently the practice was prevalent Luke Norman (Feb 08)
- Re: Apparently the practice was prevalent Scott Taylor (Feb 08)
- Re: Apparently the practice was prevalent Nick FitzGerald (Feb 08)
- Re: Apparently the practice was prevalent Mattias Ahnberg (Feb 10)
- Re: Apparently the practice was prevalent Luke Norman (Feb 08)
- Re: Apparently the practice was prevalent Nick FitzGerald (Feb 08)
- Re: Apparently the practice was prevalent Ron DuFresne (Feb 09)
- Re: Apparently the practice was prevalent Nick FitzGerald (Feb 08)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- RE: Apparently the practice was prevalent Nick FitzGerald (Feb 09)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 09)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- <Possible follow-ups>
- RE: Apparently the practice was prevalent Schmehl, Paul L (Feb 09)
- Re: Apparently the practice was prevalent Cael Abal (Feb 09)