lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
From: John.Airey at (
Subject: Apparently the practice was prevalent

> -----Original Message-----
> From: Cael Abal []
> Sent: 10 February 2004 03:27
> To:
> Subject: Re: [Full-Disclosure] Apparently the practice was prevalent
> Hash: SHA1
> I'm of the opinion that reinterpreting these particular ancient RFCs
> is really of no practical use and that this thread probably deserves
> to die a quiet death.
> The fact of the matter is, regardless of what the RFCs have to say
> about the subject, Microsoft's abandoning of the username:password
> http/https feature should drastically hinder an entire class of
> unelegant phishing schemes.  This is a good thing.
> The patch will also act as another (albeit tiny) nudge away from the
> tradition of passwords saved and used in-the-clear, which is also a
> good thing.
> Does anything else really need to be said?
Once more into the breach...

Regardless of what you think of these 'ancient' RFCs, you must bear in mind
that an even more 'ancient' RFC determines the format of the email you are
reading, RFC 822. It's worth pointing out that anyone who does not have an
"open" email relay is in breach of this RFC, which as we all know (or at
least should know) is a BAD idea. 

The question is though, when RFCs are defined, is there a sound basis for
going against what is stated or implied within it? In this case, I would say

I'm not the greatest of Microsoft fans, but for once they have fixed
something they had broken. They've even given opportunity to restore the
"broken" usage for those that still need to use it.

Now, it may have been better for the dialog box to be popped up warning you
that you are sending information to a site (although some users may have
disabled this). However, considering this is non-standard, they have
probably made the better choice.

John Airey, BSc (Jt Hons), CNA, RHCE
Internet systems support officer, ITCSD, Royal National Institute of the
Bakewell Road, Peterborough PE2 6XU,
Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 

According to the book of Acts, Eutychus was the first man to suffer from a
General Protection Fault with Windows.


NOTICE: The information contained in this email and any attachments is 
confidential and may be privileged. If you are not the intended 
recipient you should not use, disclose, distribute or copy any of the 
content of it or of any attachment; you are requested to notify the 
sender immediately of your receipt of the email and then to delete it 
and any attachments from your system. 

RNIB endeavours to ensure that emails and any attachments generated by 
its staff are free from viruses or other contaminants. However, it 
cannot accept any responsibility for any  such which are transmitted.
We therefore recommend you scan all attachments. 

Please note that the statements and views expressed in this email and 
any attachments are those of the author and do not necessarily represent 
those of RNIB. 

RNIB Registered Charity Number: 226227 


Powered by blists - more mailing lists