[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] (no subject)

To: nick@virus-l.demon.co.uk
Subject: Re: [Full-Disclosure] (no subject)
From: Valdis.Kletnieks@vt.edu
Date: Fri, 05 Dec 2003 21:18:54 -0500

On Sat, 06 Dec 2003 11:00:35 +1300, Nick FitzGerald <nick@virus-l.demon.co.uk>  
said:

> First, some genius (or committee thereof) decided that putting 
> "userinfo" data into URLs would be a good idea.  This was decided 
> despite it generally being agreed -- as the URL RFC authors note _in 
> the RFC_ -- to be a bad thing from a security perspective...

I'm sure the guys at 61.252.126.191 don't give a flying fornicate in a rolling
donut about how it's a bad thing from a security perspective, seeing how the
PTR for that IP is somewhere in KRNIC.NET controlled space.

Or are we now holding scammers to a higher standard of security than the
actual site admins? :)

Attachment: pgp00011.pgp
Description: PGP signature

References:
- Re: [Full-Disclosure] (no subject)
  - From: Nick FitzGerald <nick@virus-l.demon.co.uk>

Prev by Date: [Full-Disclosure] [OMG] NSRG Security & Lorenzo Hernandez "SuckYouBeans" Garcia-Hierro
Next by Date: Re: [Full-Disclosure] Partial Solution to SUID Problems
Previous by thread: Re: [Full-Disclosure] (no subject)
Next by thread: Re: [Full-Disclosure] (no subject)
Index(es):
- Date
- Thread