[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: Re: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing
From: Marcel Krause <marcel_k@xxxxxx>
Date: Wed, 31 Mar 2004 01:54:24 +0200

Hi!

> can anybody confirm this, or is it just an april's fool joke ?
> http://www.heise.de/security/news/meldung/46175

for the ones reading this mailing list offline: the text says we
all should not use HTTP because there are problems with browser
authentication.

I am reading c't, another magazine heise produces, and they
*always* have an april joke. The article mentioned above does
not tell how the hole can be exploited, but it says sth. about
a "Browser-in-the-Middle-Program (BMP)". Well, the sheer fact
that they invent a new meaning for the bitmap file extension
makes me consider this article as a great joke.

cya, Marcel
-- 
an unannounced attachment... it's a DOCument... does he really think
i'll either start the deamonic tool from redmond or reboot my machine
to boot my linux and use open office? ph33r my 1337 w1nd0z3 up71m3!

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing
  - From: Ron Stiemer

Prev by Date: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing
Next by Date: Re: [Full-Disclosure] Bugfinder Being Indicted As Criminal ("Counterfeiter") in France
Previous by thread: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing
Next by thread: Re: [Full-Disclosure] Security Hole in HTTP (RFC1945) - Browser-Spoofing
Index(es):
- Date
- Thread