Exclusive: Windows 2000 & Windows NT 4 Source Code Leaks

["jB" <jbistogood () hotmail com>]

Yes, it's not an exploit, but close...

Seems MS just joined the open source alliance:
http://neowin.net/comments.php?id=17509&category=main

JB
----- Original Message ----- 
From: "mescsa" <mescsa () yahoo com>
To: <full-disclosure () lists netsys com>
Sent: Monday, February 09, 2004 9:14 PM
Subject: Re: [Full-disclosure] another product affected by recent MS IE '@' 
patch


> Nick FitzGerald <nick () virus-l demon co uk> wrote:
> > ...
> > and, most importantly, you should note that the "userinfo" part is
> > _outside_ the definition of "hostport", and thus outside the "host"
> > part.  Ergo, HTTP URLs are explicitly (and presumably deliberately)
> > defined to _NOT_ support "userinfo" data so any implementation that
> > does is non-compliant.
>
> This is your interpretation of section 3.2.2 of RFC 2616.
>
> However section 3.2.1 of the same document states that
> "For definitive information on URL syntax and semantics," you
> should "see 'Uniform Resource Identifiers (URI): Generic Syntax
> and Semantics,' RFC 2396."
>
> Since there are neither any MUST NOTs in RFC 2616 nor any apparent
> technical reasons why userinfo should be banned from HTTP-URLs, it
> is clear that not everyone will follow your reasoning. That's why
> implementors have choosen to make use of the userinfo-part in
> services, protocols and user agents.
>
> Regards,
> mescsa
>
> __________________________________
> Do you Yahoo!?
> Yahoo! Finance: Get your refund fast by filing online.
> http://taxes.yahoo.com/filing.html
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html