lists.openwall.net   lists  /  announce  john-users  owl-users  popa3d-users  /  xvendor  oss-security  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4 
Open Source and information security mailing list archives
 
Order Openwall GNU/*/Linux 2.0 on a CD with delivery worldwide
[<prev] [next>] [<thread-prev] [thread-next>] [month] [year] [list] 
From: adam at hif.hu (Szilveszter Adam)
Subject: Security Hole in HTTP (RFC1945) - Browser-Spoofing

Ron Stiemer wrote:

> Hi List,
> 
> can anybody confirm this, or is it just an april's fool joke ?

Yes, I can confirm this. After all, I have been "on air" with such a 
spoofed browser authentication :-) string for years now, making website 
statistcs software cry and webmasters scratch their heads. (FWIW, they 
are probably talking about the User-Agent header) If my UA string is to 
be believed, I have already moved to a 256-bit OS just in case. And yes, 
this was used in the past to get access to websites like the moronic 
"only IE allowed here" that were popular a few years ago.

And yes, heise always puts out a joke article (at least one) on April 
1st along with c't. Sometimes it is rather hard to find it, because the 
contents look plausible enough at first sight and they even spoof 
literature listings for it :-) So watch out today.

Regards:
Sz.

Hosted by DataForce ISP - Powered by Openwall GNU/*/Linux