[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE:[Full-Disclosure] IE

To: full-disclosure@xxxxxxxxxxxxxxxx
Subject: RE:[Full-Disclosure] IE
From: John Dowling <greyhatthe2nd@xxxxxxxxx>
Date: Tue, 20 Jul 2004 13:34:27 -0700 (PDT)

Not to return to the original post or anything, but
was anyone able to identify the registry keys that
will sucessfully modify the user-agent string?

There seem to be many keys other than
HKLM>software>MS>windows>current_version>internet_settings

And the key at
HKLM>software>MS>windows>current_version>internet_settings>user_agent>post_platform
does not contain information other than what is
available via group policy (is this key even available
to xp home users?)

>>>>The real solution is to use a browser with no
known vulnerability (and
that's better if it didn't have a lot in the past),
not to try to hide
what you are using.

Full Disclosure. I believe in it.

While I do agree that exploitation redirects based on
user-agent proliferate, there are far more
functionality-based redirects, and [opinion] I believe
that masking a user-agent would result in a diminished
browsing experience inproportionate to the amount of
protection added.

/jd



        
                
__________________________________
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Prev by Date: RE: [Full-Disclosure] telnet URL type used in exploit
Next by Date: [Full-Disclosure] Motivations...
Previous by thread: [Full-Disclosure] Re: Motivations... of White Hats
Next by thread: RE: [Full-Disclosure] IE
Index(es):
- Date
- Thread