| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <200407172325.i6HNPuu26122@netsys.com>
From: tony at breckcomm.com ({tonyFelice})
Subject: IE
It is possible to append information to the user-agent using gpedit.msc
(group policy editor). This information will then reside in the
HKLM>software>MS>win>currver>inetset>useragent>postplatform. In this case,
however, the main information about the browser is still intact.
Example: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; <your string
here>; .NET CLR 1.1.4322)
The question is: what type of info are you trying to conceal, as the
user-agent contains very little _sensitive_ info. Anonymous browsing would
require spoofing or hiding the IP address, which is not contained in the
user-agent. If you are concerned that sites attempting to exploit the IE
vulnerabilities (patched or not) would be able to attack you based on this
string, it would be advisable to simply use another browser.
In any event, it should be available to you at
HKCU>software>MS>win>currver>inetset, which is the same folder that holds
that Zones. I am not certain that changing this setting will suffice,
however.
________________________________________
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of Gabriel
Alexadros
Sent: Saturday, July 17, 2004 3:40 PM
To: Full Disclosure
Subject: [Full-Disclosure] IE
i am qurious if a regedit setting exist in order to alter the user agent of
the browser
and to conseal info.
?
Thank you
Powered by blists - more mailing lists