RE: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation

From: Zach Forsyth (Zach.Forsyth_at_kiandra.com)
Date: 01/28/04

  • Next message: George Capehart: "Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"
    To: <full-disclosure@lists.netsys.com>
    Date: Wed, 28 Jan 2004 15:36:15 +1100
    
    

    After reading through the MS advisory in more detail it doesn't actually
    mention ftp at all.
    This was kindly pointed out by several FD readers :)

    I will wait and see if the patch just "fixes" http and https before
    worrying about it in earnest.

    And for people saying don't use IE, if you aren't the sole admin on the
    server you don't have the choice to install other apps.
    Believe me if I could install something else I would just put a real ftp
    app and firebird on there and not have to ask silly questions on FD.

    Cheers

    z

    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html


  • Next message: George Capehart: "Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation"