lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list] 
Message-Id: <20080710223631.A69572003D@mailserver7.hushmail.com>
Date: Thu, 10 Jul 2008 18:36:30 -0400
From: "Elazar Broad" <elazar@...hmail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Proxy Autoconfiguration and Internet Explorer
	Zones

I got an interesting issue with Internet Explorer(6 and 7 on 
Windows XP SP2) and proxy auto-configuration files. I was wondering 
if anyone has a similar setup and is experiencing behavior like 
this. My setup is as follows. Client machines are configured to use 
a PAC file via group policy. The pac file specifies a direct 
connection(via the DIRECT instruction) for a specific sub-net. The 
pac file is retrieved from a web server on the internal network. 
Now, when Internet Explorer connects to an external site, it 
normally is in the Internet Zone. Now, in this scenario, any 
external sites are ending up in the Local Intranet zone even though 
Internet Explorer is connecting directly to the external site(I 
have verified this through a packet capture). Logically, the DIRECT 
instruction should place any external sites in the Internet Zone, 
not Local Intranet, that is if Internet Explorer can properly 
differentiate what is on the local network or not. I guess if it 
can't then this whole issue is moot.

Elazar

--
Beauty Advice Just Got a Makeover
Read reviews about the beauty products you have always wanted to try
http://tagline.hushmail.com/fc/JKFkuIjyaQKkJn6hzADtsf0pDjSObjxzqmP3B6A3xnkgx01HUokFK4/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ