[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation

To: <full-disclosure@lists.netsys.com>
Subject: RE: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
From: "Zach Forsyth" <Zach.Forsyth@kiandra.com>
Date: Wed, 28 Jan 2004 15:36:15 +1100

After reading through the MS advisory in more detail it doesn't actually
mention ftp at all.
This was kindly pointed out by several FD readers :) 

I will wait and see if the patch just "fixes" http and https before
worrying about it in earnest.

And for people saying don't use IE, if you aren't the sole admin on the
server you don't have the choice to install other apps.
Believe me if I could install something else I would just put a real ftp
app and firebird on there and not have to ask silly questions on FD.

Cheers

z

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
  - From: Cael Abal <lists@onryou.com>
- RE: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
  - From: Kenton Smith <ksmith@chartwelltechnology.com>

Prev by Date: Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
Next by Date: RE: [Full-Disclosure] Mydoom
Previous by thread: Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
Next by thread: Re: [Full-Disclosure] Microsoft's fix for URL containing username:password@ obfuscation
Index(es):
- Date
- Thread