| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: John.Airey at rnib.org.uk (John.Airey@...b.org.uk) Subject: Apparently the practice was prevalent > -----Original Message----- > From: Cael Abal [mailto:lists2@...you.com] > Sent: 10 February 2004 03:27 > To: full-disclosure@...ts.netsys.com > Subject: Re: [Full-Disclosure] Apparently the practice was prevalent > > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > I'm of the opinion that reinterpreting these particular ancient RFCs > is really of no practical use and that this thread probably deserves > to die a quiet death. > > The fact of the matter is, regardless of what the RFCs have to say > about the subject, Microsoft's abandoning of the username:password > http/https feature should drastically hinder an entire class of > unelegant phishing schemes. This is a good thing. > > The patch will also act as another (albeit tiny) nudge away from the > tradition of passwords saved and used in-the-clear, which is also a > good thing. > > Does anything else really need to be said? > Once more into the breach... Regardless of what you think of these 'ancient' RFCs, you must bear in mind that an even more 'ancient' RFC determines the format of the email you are reading, RFC 822. It's worth pointing out that anyone who does not have an "open" email relay is in breach of this RFC, which as we all know (or at least should know) is a BAD idea. The question is though, when RFCs are defined, is there a sound basis for going against what is stated or implied within it? In this case, I would say no. I'm not the greatest of Microsoft fans, but for once they have fixed something they had broken. They've even given opportunity to restore the "broken" usage for those that still need to use it. Now, it may have been better for the dialog box to be popped up warning you that you are sending information to a site (although some users may have disabled this). However, considering this is non-standard, they have probably made the better choice. - John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey@...b.org.uk According to the book of Acts, Eutychus was the first man to suffer from a General Protection Fault with Windows. - DISCLAIMER: NOTICE: The information contained in this email and any attachments is confidential and may be privileged. If you are not the intended recipient you should not use, disclose, distribute or copy any of the content of it or of any attachment; you are requested to notify the sender immediately of your receipt of the email and then to delete it and any attachments from your system. RNIB endeavours to ensure that emails and any attachments generated by its staff are free from viruses or other contaminants. However, it cannot accept any responsibility for any such which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk
Powered by blists - more mailing lists