Full Disclosure mailing list archives
Re: (no subject)
From: Valdis.Kletnieks () vt edu
Date: Fri, 05 Dec 2003 21:18:54 -0500
On Sat, 06 Dec 2003 11:00:35 +1300, Nick FitzGerald <nick () virus-l demon co uk> said:
> First, some genius (or committee thereof) decided that putting "userinfo" data into URLs would be a good idea. This was decided despite it generally being agreed -- as the URL RFC authors note _in the RFC_ -- to be a bad thing from a security perspective...
I'm sure the guys at 61.252.126.191 don't give a flying fornicate in a rolling donut about how it's a bad thing from a security perspective, seeing how the PTR for that IP is somewhere in KRNIC.NET controlled space. Or are we now holding scammers to a higher standard of security than the actual site admins? :)