Message-ID: <C5BAABE9D0419D4EA0335A4DCC8B9519273C@suka.zaebiz.com>
From: rst at zaebiz.com (rst)
Subject: IE

The browser version could be checked using JScript.
<script language="JScript">
alert(navigator.appCodeName+"\n"+navigator.appMinorVersion+"\n"+
      navigator.appName+"\n"+navigator.appVersion+"\n"+navigator.userAgent);
</script>
Run the script above and feel happy.
Basically - you can set up the firewall to filter the user-agent-like
strings (not only in headers).



-----Original Message-----
From: full-disclosure-admin@...ts.netsys.com
[mailto:full-disclosure-admin@...ts.netsys.com] On Behalf Of nicolas
vigier
Sent: Monday, July 19, 2004 3:47 PM
To: Ill will
Cc: full-disclosure@...ts.netsys.com
Subject: Re: [Full-Disclosure] IE

On Sun, 18 Jul 2004, Ill will wrote:

> "user-agent contains very little _sensitive_ info"
> 
> user agents could be used for exploits.. like redirecting the browser 
> to whatever exploit page  by the definition of what browser is 
> connecting to it etc.. so it would be a  good idea for some people to 
> conceal what type of browser is defined in the headers

And you can feel safe with that? Someone can put an exploit on a page
without checking your browser before.
The real solution is to use a browser with no known vulnerability (and
that's better if it didn't have a lot in the past), not to try to hide
what you are using.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
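
Added example, not part of either message or of any product named in the thread: a sketch of the filtering idea in the reply above, scrubbing user-agent-like strings from the header and from places where a script may have copied them (query string, form body). The request shape, REPLACEMENT and the UA_LIKE pattern are assumptions made for illustration.

```javascript
// Added example, not code from the thread. REPLACEMENT and the pattern are
// assumptions: a heuristic for classic UA / appVersion shapes such as
// "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)".
const REPLACEMENT = "redacted-agent";
const UA_LIKE = /(?:Mozilla\/)?\d+\.\d+ \((?:compatible|Windows|X11|Macintosh);[^)]*\)/g;

function scrubText(text) {
  return text.replace(UA_LIKE, REPLACEMENT);
}

// Script-built query strings and form bodies carry the value percent-encoded,
// so decode each field before matching and re-encode only fields that changed.
function scrubUrlEncoded(pairs) {
  return pairs.split("&").map((pair) => {
    const eq = pair.indexOf("=");
    if (eq < 0) return pair;
    let value;
    try {
      value = decodeURIComponent(pair.slice(eq + 1).replace(/\+/g, " "));
    } catch (e) {
      return pair; // malformed escape sequence: pass through unchanged
    }
    const cleaned = scrubText(value);
    return cleaned === value ? pair : pair.slice(0, eq + 1) + encodeURIComponent(cleaned);
  }).join("&");
}

// req is a constructed shape: { url, headers: { name: value }, body }.
function scrubRequest(req) {
  const headers = {};
  let isForm = false;
  for (const [name, value] of Object.entries(req.headers)) {
    const lower = name.toLowerCase();
    if (lower === "content-type") {
      isForm = value.toLowerCase().startsWith("application/x-www-form-urlencoded");
    }
    headers[name] = lower === "user-agent" ? REPLACEMENT : scrubText(value);
  }
  const q = req.url.indexOf("?");
  const url = q < 0 ? req.url : req.url.slice(0, q + 1) + scrubUrlEncoded(req.url.slice(q + 1));
  const body = isForm ? scrubUrlEncoded(req.body) : scrubText(req.body);
  return { url, headers, body };
}
```

A value such as navigator.appName ("Microsoft Internet Explorer") does not look like a user-agent string and passes through this filter unchanged, so string filtering alone does not hide the browser.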

