Re: Winnt/Win2k Vuln ?

From: Ben Ford (bfordat_private)
Date: Fri Aug 10 2001 - 15:04:57 PDT

  • Next message: Kevin Gagel: "Re: Winnt/Win2k Vuln ?"

    David Schwartz wrote:
    
    >>Think that is scary?  I cannot state about the current browser, but
    >>previous versions bypassed a lot of the NT security features.  Happens
    >>when the browser is made an integral part of the OS - but for legal
    >>reasons and with apparently little concerns to security ones.
    >>
    >
    >	I would say the reverse would be more of a security problem. You'd prefer
    >that somebody could create a web site with the same name as one of your
    >files and when you ask for the file, you get the web site?
    >
    >	If you care about security, enter fully-qualified URLs, don't use
    >abbreviations. Any scheme to accept abbreviations will sometimes fail to get
    >you what you want. For example, what will your browser do if you just type
    >in "ftp.mydomain.com"? Will it take it as "http://ftp.mydomain.com"? Or will
    >it take it as "http://ftp.mydomaincom"? If you don't know and understand the
    >rules for expanding abbreviations, don't use abbreviations.
    >
    >	I only wish you could disable them. Both IE and Netscape have done things I
    >didn't expect more than once.
    >
    >	DS
    >
    
    The browser should not be the file manager.  That is all there is to it.
    
    -b
    
    -- 
    Fly Windows NT:
    All the passengers carry their seats out onto the tarmac, placing the chairs
    in the outline of a plane. They all sit down, flap their arms and make jet
    swooshing sounds as if they are flying.
    



    This archive was generated by hypermail 2b30 : Fri Aug 10 2001 - 16:07:54 PDT