Re: [Full-Disclosure] Apparently the practice was prevalent
- To: "[Full Disclosure]" <full-disclosure@lists.netsys.com>
- Subject: Re: [Full-Disclosure] Apparently the practice was prevalent
- From: Scott Taylor <security@303underground.com>
- Date: Sun, 08 Feb 2004 13:20:39 -0700
Wouldn't it make sense to accept user@pass, but NOT DISPLAY IT on the
address bar? So even if someone clicks on a shady link, they don't see
http://www.visa.com@crooks.com, they only see http://crooks.com on their
address bar? And with all those miserable encoded characters translated
back to plaintext too. Yeah, I know. Silly idea. Just too bloody obvious,
I guess.
On Sun, 2004-02-08 at 12:36, Luke Norman wrote:
> I'm afraid I disagree. Surely it's better to disable by default, but
> leave it so that it can be turned on if necessary. People argue that
> Windows needs to be shipped with services turned off, but not removed
> completely - a virus could turn these services on, but that isn't
> sufficient cause for removing them. It's a user preference, and if I
> want to be able to enter URLs in user:pass@host format, then I should be
> given the option to do so.
>
> Luke
--
Scott Taylor - <security@303underground.com>
BOFH Excuse #429:
Temporal anomaly
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
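
The display rule proposed in the message above, sketched as an added example that is not part of the original thread or any browser's code: the URL is still accepted with credentials, but the address-bar string is rebuilt from the parsed parts with the userinfo left out and encoded characters translated back. The function name, return shape and the second sample URL are assumptions made for illustration.

```javascript
// Added example: compute what the address bar would show under the proposal.
// addressBarText and its return shape are hypothetical names, not a browser API.
function addressBarText(raw) {
  const rejected = { ok: false, display: null, hadUserinfo: false, realHost: null };
  let url;
  try {
    // WHATWG URL parser: separates userinfo from host and decodes %xx in the host.
    url = new URL(raw);
  } catch (e) {
    return rejected;
  }
  if (!/^https?:$/.test(url.protocol)) return rejected; // only web URLs handled here

  const hadUserinfo = url.username !== "" || url.password !== "";

  // Translate percent-encoded path characters back to plaintext, but only
  // printable ASCII that cannot change the URL's structure; anything else
  // (control characters, '/', '?', '#', '%') stays encoded.
  const path = url.pathname.replace(/%([0-9A-Fa-f]{2})/g, (match, hex) => {
    const code = parseInt(hex, 16);
    const ch = String.fromCharCode(code);
    return code > 0x20 && code < 0x7f && !"/?#%".includes(ch) ? ch : match;
  });

  // Rebuild from parsed parts; username and password are never copied over.
  const display = url.protocol + "//" + url.host + path + url.search + url.hash;
  return { ok: true, display, hadUserinfo, realHost: url.hostname };
}

// Constructed sample inputs; the first is the example URL from the message.
const samples = [
  "http://www.visa.com@crooks.com/",
  "http://www.visa.com:login@%63%72%6f%6f%6b%73.com/%61ccount",
  "http://crooks.com/",
];
for (const s of samples) {
  const r = addressBarText(s);
  console.log(s, "->", r.display, r.hadUserinfo ? "(credentials hidden)" : "");
}
```

The `hadUserinfo` flag lets the caller keep the credentials for the request itself, or apply a disable-by-default preference as argued in the quoted reply, while the displayed string always names the host that is actually contacted.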