lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <406A08B0.57D90126@web.de>
From: marcel_k at web.de (Marcel Krause)
Subject: Security Hole in HTTP (RFC1945) - Browser-Spoofing

Hi!

> can anybody confirm this, or is it just an april's fool joke ?
> http://www.heise.de/security/news/meldung/46175

for the ones reading this mailing list offline: the text says we
all should not use HTTP because there are problems with browser
authentication.

I am reading c't, another magazine heise produces, and they
*always* have an april joke. The article mentioned above does
not tell how the hole can be exploited, but it says sth. about
a "Browser-in-the-Middle-Program (BMP)". Well, the sheer fact
that they invent a new meaning for the bitmap file extension
makes me consider this article as a great joke.

cya, Marcel
-- 
an unannounced attachment... it's a DOCument... does he really think
i'll either start the deamonic tool from redmond or reboot my machine
to boot my linux and use open office? ph33r my 1337 w1nd0z3 up71m3!

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ