lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <20060626091928.GP68634@DAPCVA.da>
Date: Mon, 26 Jun 2006 11:19:28 +0200
From: Vincent Archer <varcher@...yall.com>
To: "Amit Klein (AKsecurity)" <aksecurity@...pop.com>
Cc: Vincent Archer <varcher@...yall.com>, bugtraq@...urityfocus.com,
	k.huwig@...-ag.de
Subject: Re: Bypassing of web filters by using ASCII


On Fri, Jun 23, 2006 at 05:12:13PM +0200, Amit Klein (AKsecurity) wrote:
> On 23 Jun 2006 at 10:35, Vincent Archer wrote:
> > The same problem did exist in RFC821, which specified the data path as
> > being 7-bit, with the MSB set to 0. The venerable ancestor sendmail did
> > enforce that, by and-ing each and every byte with 0x7F, which means that
> > the IE solution is "slightly better", due to historical precedent.
> 
> If we're into precedences, does anyone know what Mosaic 1.0 used to do in such case? after 

Mosaic didn't really handle charsets.

It used Motif as the underlying toolkit, and rendered the binary text stream
using XmSTRING_DEFAULT_CHARSET, which could default to ISO 8859-1 most of
the time, or something else if you tweaked your X11 installation and
properties.

So, basically, Mosaic worked as firefox/opera do, not as IE.

-- 
Vincent ARCHER
varcher@...yall.com

Tel : +33 (0)1 40 07 47 14
Fax : +33 (0)1 40 07 47 27
Deny All - 23, rue Notre Dame des Victoires - 75002 Paris - France


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ