RE: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation

From: Zach Forsyth (Zach.Forsyth_at_kiandra.com)
Date: 01/28/04

Next message: George Capehart: "Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"

Previous message: KF: "[Full-Disclosure] SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM"
Maybe in reply to: Bobby Brown: "[Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"
Next in thread: Cael Abal: "Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"
Reply: Cael Abal: "Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"
Reply: Kenton Smith: "RE: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <full-disclosure@lists.netsys.com>
Date: Wed, 28 Jan 2004 15:36:15 +1100

After reading through the MS advisory in more detail it doesn't actually
mention ftp at all.
This was kindly pointed out by several FD readers :)

I will wait and see if the patch just "fixes" http and https before
worrying about it in earnest.

And for people saying don't use IE, if you aren't the sole admin on the
server you don't have the choice to install other apps.
Believe me if I could install something else I would just put a real ftp
app and firebird on there and not have to ask silly questions on FD.

Cheers

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Next message: George Capehart: "Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"

Previous message: KF: "[Full-Disclosure] SRT2004-01-17-0227 - BlackICE allows local users to become SYSTEM"
Maybe in reply to: Bobby Brown: "[Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"
Next in thread: Cael Abal: "Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"
Reply: Cael Abal: "Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"
Reply: Kenton Smith: "RE: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

[SLE] Suse 9 network instalation
... with all the Suse 9 packages. ... I made it available via http and ftp to my ... install stops right there. ...
(SuSE)
Re: Web installation fails Unable to retreive the install image !!??
... kurt a écrit: ... So I've started up my computer with the rescue CD and then selected 'Install or Upgrade ...'. ... When prompted for media I've chosen 'HTTP' and entered the address of one of Fedora's mirrors. ... It would appear this is an ftp rather than http transfer site. ...
(linux.redhat)
p2p servers outside the firewall
... On a single linux box can i have a firewall configured such that some apps ... sit outside and everything else (http, ftp, email, news) behind? ...
(comp.os.linux.security)
RE: question about installing Fc7
... What is going to be the easiest way to install it on a box which does not ... have dvd support? ... I have heard ftp and http? ...
(Fedora)
Re: net install
... Why do you want to use http if you "was to install via ftp" at ... Michael Heiming ...
(linux.redhat)