lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
From: marcel_k at web.de (Marcel Krause)
Subject: Security Hole in HTTP (RFC1945) - Browser-Spoofing

Hi!

> can anybody confirm this, or is it just an april's fool joke ?
> http://www.heise.de/security/news/meldung/46175

for the ones reading this mailing list offline: the text says we
all should not use HTTP because there are problems with browser
authentication.

I am reading c't, another magazine heise produces, and they
*always* have an april joke. The article mentioned above does
not tell how the hole can be exploited, but it says sth. about
a "Browser-in-the-Middle-Program (BMP)". Well, the sheer fact
that they invent a new meaning for the bitmap file extension
makes me consider this article as a great joke.

cya, Marcel
-- 
an unannounced attachment... it's a DOCument... does he really think
i'll either start the deamonic tool from redmond or reboot my machine
to boot my linux and use open office? ph33r my 1337 w1nd0z3 up71m3!

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux