Re: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing

• Previous message: please_reply_to_security_at_sco.com: "UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment"
• In reply to: Ron Stiemer: "[Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing"
• Next in thread: Tobias Weisserth: "Re: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: full-disclosure@lists.netsys.com
Date: Wed, 31 Mar 2004 01:54:24 +0200

Hi!

> can anybody confirm this, or is it just an april's fool joke ?
> http://www.heise.de/security/news/meldung/46175

for the ones reading this mailing list offline: the text says we
all should not use HTTP because there are problems with browser
authentication.

I am reading c't, another magazine heise produces, and they
*always* have an april joke. The article mentioned above does
not tell how the hole can be exploited, but it says sth. about
a "Browser-in-the-Middle-Program (BMP)". Well, the sheer fact
that they invent a new meaning for the bitmap file extension
makes me consider this article as a great joke.

cya, Marcel

-- 
an unannounced attachment... it's a DOCument... does he really think
i'll either start the deamonic tool from redmond or reboot my machine
to boot my linux and use open office? ph33r my 1337 w1nd0z3 up71m3!
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Previous message: please_reply_to_security_at_sco.com: "UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment"
• In reply to: Ron Stiemer: "[Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing"
• Next in thread: Tobias Weisserth: "Re: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]