Bugtraq mailing list archives

Re: More Internet Explorer zone confusion


From: chris () NETMONGER NET (Christopher Masto)
Date: Tue, 9 Mar 1999 01:59:08 -0500


Is this intranet zone thing _really_ of any value?  Why is there a
built-in default assumption that something from a "local" server is
more trustworthy?  Consider the following situations:

1. A customer of your ISP, netmonger.net, is evil.  They have a page
   that links or redirects to http://www/~evil/evil.html, taking
   advantage of the fact that your machine is configured with your
   ISP's domain in the search list.

2. You go to school at RPI.  You have a dorm ethernet connection.
   Your machine is naive.dorm.rpi.edu, and you have dorm.rpi.edu
   in your domain search list.  An evil person gets evil.dorm.rpi.edu,
   and you know the rest.

3. You work at Giganticorp and have access to high-level trade secrets.
   Giganticorp has an intranet where employees can put up their own
   web pages.  An evil employee takes advantage of the default security
   settings to gain access to your secrets, which he sells to the
   competition.

Numbers 1 and 2 ask the question, "Why are we assuming that a
non-qualified host name implies intranet implies trust?"  Number 3
asks the question, "Why are we assuming that intranet implies trust?"
Another question is "How many people who use IE have no intranet?"
Considering that there are a quantity of tools available to deploy
IE at your company with preconfigured settings, why not default to
not having this intranet zone?  If Giganticorp needs to turn down
the security, they can do so at the same time they're customizing
the rest of the settings.

I don't personally use Microsoft products, and I am not quite familiar
with the specific security precautions that are disabled for the
intranet zone, but if they're enough to cause concern on the Internet,
the same problems can occur even when the browser isn't malfunctioning
at all.
--
Christopher Masto        Director of Operations      NetMonger Communications
chris () netmonger net        info () netmonger net        http://www.netmonger.net

Free yourself, free your machine, free the daemon -- http://www.freebsd.org/
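As an added example that is not part of the original post, a small Python model of the heuristic the post objects to: a dotless host name is taken as "intranet", yet the resolver's search list (constructed here as `netmonger.net`) turns `http://www/...` into an ordinary Internet host. A stricter classifier that qualifies the name first and only trusts an explicitly configured suffix list (empty by default, as the post proposes) is shown beside it; the function names and search list are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Constructed DNS search list, as the poster's machine at the ISP might have it.
SEARCH_LIST = ["netmonger.net"]


def qualify(host: str, search_list=SEARCH_LIST) -> str:
    """Simplified model of resolver search-list completion: a name without
    a dot gets the first configured suffix appended (constructed behaviour)."""
    if "." in host:
        return host
    return f"{host}.{search_list[0]}"


def naive_zone(url: str) -> str:
    """The heuristic criticised in the post: no dot in the host -> intranet."""
    host = urlsplit(url).hostname or ""
    return "intranet" if "." not in host else "internet"


def strict_zone(url: str, trusted_suffixes, search_list=SEARCH_LIST) -> str:
    """Classify by the fully qualified name against an explicit allow-list.
    With an empty allow-list (the suggested default) nothing is intranet.
    Note the allow-list must name a domain whose hosts are all trusted;
    a shared suffix such as a dorm domain still admits any host under it."""
    host = urlsplit(url).hostname or ""
    fqdn = qualify(host, search_list).lower()
    for suffix in trusted_suffixes:
        s = suffix.lower().lstrip(".")
        if fqdn == s or fqdn.endswith("." + s):
            return "intranet"
    return "internet"


if __name__ == "__main__":
    evil = "http://www/~evil/evil.html"
    print(qualify("www"))                      # www.netmonger.net
    print(naive_zone(evil))                    # intranet
    print(strict_zone(evil, []))               # internet
    print(strict_zone(evil, ["corp.example"])) # internet
```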
