Message-ID: <40190131.29056.92C7BF@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: Microsoft's fix for URL containing
 username:password@ obfuscation

Cael Abal <lists@...you.com> wrote:

> Please tell me you don't do a lot of web browsing from your server.
> 
> IE being required on a Windows server (for SUS management, etc.) is 
> one of my pet peeves -- but folks who browse the internet from their 
> server actively freak me out.
> 
> (This isn't directed specifically at you, Zach, but to people who 
> play Russian roulette logged in as a domain admin.)

Indeed.

The non-removal of the "client-software integrating" parts of IE from 
Windows Server 2003 is one measure of just how much the "Trusted 
Computing Initiative" was hot-air over substance.  Not providing the 
possibility of removing stupid network client access tools that are "an 
integral part of the OS", or at least allowing their absolute 
separation to "genuinely safe" user groups, shows how much important 
folk at MS still "just don't get security".


Regards,

Nick FitzGerald

