| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <40190131.29056.92C7BF@localhost> From: nick at virus-l.demon.co.uk (Nick FitzGerald) Subject: Microsoft's fix for URL containing username:password@ obfuscation Cael Abal <lists@...you.com> wrote: > Please tell me you don't do a lot of web browsing from your server. > > IE being required on a Windows server (for SUS management, etc.) is > one of my pet peeves -- but folks who browse the internet from their > server actively freak me out. > > (This isn't directed specifically at you, Zach, but to people who > play Russian roulette logged in as a domain admin.) Indeed. The non-removal of the "client-software integrating" parts of IE from Windows Server 2003 is one measure of just how much the "Trusted Computing Iniative" was hot-air over substance. Not providing the possibility of removing stupid network client access tools that are "an integral part of the OS", or at least allowing their absolute separation to "genuinely safe" user groups, shows how much important folk at MS stilll "just don't get security". Regards, Nick FitzGerald
Powered by blists - more mailing lists