Message-ID: <BAY9-DAV30YAPNXRPmc0000bc67@hotmail.com>
From: jbistogood at hotmail.com (jB)
Subject: Exclusive: Windows 2000 & Windows NT 4 Source Code Leaks
Yes, it's not an exploit, but close...
Seems MS just joined the open source alliance:
http://neowin.net/comments.php?id=17509&category=main
JB
----- Original Message -----
From: "mescsa" <mescsa@...oo.com>
To: <full-disclosure@...ts.netsys.com>
Sent: Monday, February 09, 2004 9:14 PM
Subject: Re: [Full-Disclosure] another product affected by recent MS IE '@' patch
> Nick FitzGerald <nick@...us-l.demon.co.uk> wrote:
>> ...
>> and, most importantly, you should note that the "userinfo" part is
>> _outside_ the definition of "hostport", and thus outside the "host"
>> part. Ergo, HTTP URLs are explicitly (and presumably deliberately)
>> defined to _NOT_ support "userinfo" data so any implementation that
>> does is non-compliant.
>
> This is your interpretation of section 3.2.2 of RFC 2616.
>
> However section 3.2.1 of the same document states that
> "For definitive information on URL syntax and semantics," you
> should "see 'Uniform Resource Identifiers (URI): Generic Syntax
> and Semantics,' RFC 2396."
>
> Since there are neither any MUST NOTs in RFC 2616 nor any apparent
> technical reasons why userinfo should be banned from HTTP-URLs, it
> is clear that not everyone will follow your reasoning. That's why
> implementors have chosen to make use of the userinfo-part in
> services, protocols and user agents.
>
> Regards,
> mescsa
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.netsys.com/full-disclosure-charter.html
>