lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <449A669B.30703@iku-ag.de>
Date: Thu, 22 Jun 2006 11:44:59 +0200
From: Kurt Huwig <k.huwig@...-ag.de>
To: imipak <imipak@...il.com>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: Bypassing of web filters by using ASCII

imipak schrieb:
> Hmmm, I just noticed Firefox's Accept-Charset header doesn't include
> ASCII. Does the HTTP spec say that ASCII is the default charset?

No, it's ISO-8859-1. According to

http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-035.pdf

Page 27 (37):

"11.2 Transformation from 7-bit to 8-bit codes

Within a CC-data-element any 7-bit combination has an equivalent 8-bit
form comprising b7 to b1 of the 7-bit form, together with a b8 of ZERO."


the MSB must be set to 0. The folks at Mozilla say it is evangelism for
some broken AOL pages, but then I ask why evangelism, when it does not
work with IE?
-- 
Mit freundlichen Grüßen

Kurt Huwig             iKu Systemhaus AG        http://www.iku-ag.de/
Vorstand               Am Römerkastell 4        Telefon 0681/96751-0
                       66121 Saarbrücken        Telefax 0681/96751-66
GnuPG 1024D/99DD9468 64B1 0C5B 82BC E16E 8940  EB6D 4C32 F908 99DD 9468


Download attachment "signature.asc" of type "application/pgp-signature" (255 bytes)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ