| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Thu, 10 Jul 2008 18:36:30 -0400 From: "Elazar Broad" <elazar@...hmail.com> To: full-disclosure@...ts.grok.org.uk Subject: Proxy Autoconfiguration and Internet Explorer Zones I got an interesting issue with Internet Explorer(6 and 7 on Windows XP SP2) and proxy auto-configuration files. I was wondering if anyone has a similar setup and is experiencing behavior like this. My setup is as follows. Client machines are configured to use a PAC file via group policy. The pac file specifies a direct connection(via the DIRECT instruction) for a specific sub-net. The pac file is retrieved from a web server on the internal network. Now, when Internet Explorer connects to an external site, it normally is in the Internet Zone. Now, in this scenario, any external sites are ending up in the Local Intranet zone even though Internet Explorer is connecting directly to the external site(I have verified this through a packet capture). Logically, the DIRECT instruction should place any external sites in the Internet Zone, not Local Intranet, that is if Internet Explorer can properly differentiate what is on the local network or not. I guess if it can't then this whole issue is moot. Elazar -- Beauty Advice Just Got a Makeover Read reviews about the beauty products you have always wanted to try http://tagline.hushmail.com/fc/JKFkuIjyaQKkJn6hzADtsf0pDjSObjxzqmP3B6A3xnkgx01HUokFK4/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists