RE: Winnt/Win2k Vuln ?

From: David Schwartz (davidsat_private)
Date: Fri Aug 10 2001 - 12:42:33 PDT

  • Next message: Pauli Ojanpera: "Re: IE Save as feature & Security zones - curious question"

    > Think that is scary?  I cannot state about the current browser, but
    > previous versions bypassed a lot of the NT security features.  Happens
    > when the browser is made an integral part of the OS - but for legal
    > reasons and with apparently little concerns to security ones.
    
    	I would say the reverse would be more of a security problem. You'd prefer
    that somebody could create a web site with the same name as one of your
    files and when you ask for the file, you get the web site?
    
    	If you care about security, enter fully-qualified URLs, don't use
    abbreviations. Any scheme to accept abbreviations will sometimes fail to get
    you what you want. For example, what will your browser do if you just type
    in "ftp.mydomain.com"? Will it take it as "http://ftp.mydomain.com"? Or will
    it take it as "http://ftp.mydomaincom"? If you don't know and understand the
    rules for expanding abbreviations, don't use abbreviations.
    
    	I only wish you could disable them. Both IE and Netscape have done things I
    didn't expect more than once.
    
    	DS
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 12:50:23 PDT