Full Disclosure mailing list archives
RE: Apparently the practice was prevalent
From: John.Airey () rnib org uk
Date: Tue, 10 Feb 2004 11:23:55 -0000
-----Original Message----- From: Cael Abal [mailto:lists2 () onryou com] Sent: 10 February 2004 03:27 To: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] Apparently the practice was prevalent -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I'm of the opinion that reinterpreting these particular ancient RFCs is really of no practical use and that this thread probably deserves to die a quiet death. The fact of the matter is, regardless of what the RFCs have to say about the subject, Microsoft's abandoning of the username:password http/https feature should drastically hinder an entire class of unelegant phishing schemes. This is a good thing. The patch will also act as another (albeit tiny) nudge away from the tradition of passwords saved and used in-the-clear, which is also a good thing. Does anything else really need to be said?
Once more into the breach... Regardless of what you think of these 'ancient' RFCs, you must bear in mind that an even more 'ancient' RFC determines the format of the email you are reading, RFC 822. It's worth pointing out that anyone who does not have an "open" email relay is in breach of this RFC, which as we all know (or at least should know) is a BAD idea. The question is though, when RFCs are defined, is there a sound basis for going against what is stated or implied within it? In this case, I would say no. I'm not the greatest of Microsoft fans, but for once they have fixed something they had broken. They've even given opportunity to restore the "broken" usage for those that still need to use it. Now, it may have been better for the dialog box to be popped up warning you that you are sending information to a site (although some users may have disabled this). However, considering this is non-standard, they have probably made the better choice. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey () rnib org uk According to the book of Acts, Eutychus was the first man to suffer from a General Protection Fault with Windows. - DISCLAIMER: NOTICE: The information contained in this email and any attachments is confidential and may be privileged. If you are not the intended recipient you should not use, disclose, distribute or copy any of the content of it or of any attachment; you are requested to notify the sender immediately of your receipt of the email and then to delete it and any attachments from your system. RNIB endeavours to ensure that emails and any attachments generated by its staff are free from viruses or other contaminants. However, it cannot accept any responsibility for any such which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: Apparently the practice was prevalent, (continued)
- Re: Apparently the practice was prevalent Nick FitzGerald (Feb 08)
- Re: Apparently the practice was prevalent Mattias Ahnberg (Feb 10)
- Re: Apparently the practice was prevalent Nick FitzGerald (Feb 08)
- Re: Apparently the practice was prevalent Ron DuFresne (Feb 09)
- Re: Apparently the practice was prevalent Nick FitzGerald (Feb 08)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- RE: Apparently the practice was prevalent Nick FitzGerald (Feb 09)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 09)
- RE: Apparently the practice was prevalent Shawn K. Hall (RA/Security) (Feb 08)
- RE: Apparently the practice was prevalent Schmehl, Paul L (Feb 09)
- Re: Apparently the practice was prevalent Cael Abal (Feb 09)
- RE: Apparently the practice was prevalent John . Airey (Feb 10)
- Re: Apparently the practice was prevalent Martin Mačok (Feb 10)
- RE: Apparently the practice was prevalent John . Airey (Feb 10)
- Re: Apparently the practice was prevalent Martin Mačok (Feb 10)
- RE: Apparently the practice was prevalent John . Airey (Feb 11)
- Re: Apparently the practice was prevalent Martin Mačok (Feb 11)
- RE: Apparently the practice was prevalent John . Airey (Feb 11)
- Re: Apparently the practice was prevalent Martin Mačok (Feb 11)