Re: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing

From: Marcel Krause (marcel_k_at_web.de)
Date: 03/31/04

    To: full-disclosure@lists.netsys.com
    Date: Wed, 31 Mar 2004 01:54:24 +0200
    
    

    Hi!

    > can anybody confirm this, or is it just an April Fool's joke?
    > http://www.heise.de/security/news/meldung/46175

    For the ones reading this mailing list offline: the text says we
    all should not use HTTP because there are problems with browser
    authentication.

    I am reading c't, another magazine heise produces, and they
    *always* have an April joke. The article mentioned above does
    not tell how the hole can be exploited, but it says something about
    a "Browser-in-the-Middle-Program (BMP)". Well, the sheer fact
    that they invent a new meaning for the bitmap file extension
    makes me consider this article a great joke.

    cya, Marcel

    -- 
    an unannounced attachment... it's a DOCument... does he really think
    i'll either start the deamonic tool from redmond or reboot my machine
    to boot my linux and use open office? ph33r my 1337 w1nd0z3 up71m3!