[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] (no subject)

To: nick@virus-l.demon.co.uk
Subject: Re: [Full-Disclosure] (no subject)
From: Valdis.Kletnieks@vt.edu
Date: Fri, 05 Dec 2003 21:42:32 -0500

On Sat, 06 Dec 2003 11:00:35 +1300, Nick FitzGerald <nick@virus-l.demon.co.uk>  
said:

> Indeed -- this is a classic exploit of a classic case of several 
> _really, really BAD_ design decisions.

Mea culpa.  Ignore my previous posting.

I thought you were flaming the guys at visa.com, when most of the blame goes to
the crackheads who desighed the HTTP URI format and the crackheads at MS who
implemented it. ;)

Attachment: pgp00012.pgp
Description: PGP signature

Follow-Ups:
- Re: [Full-Disclosure] (no subject)
  - From: Nick FitzGerald <nick@virus-l.demon.co.uk>

References:
- Re: [Full-Disclosure] (no subject)
  - From: Nick FitzGerald <nick@virus-l.demon.co.uk>

Prev by Date: Re: [Full-Disclosure] Partial Solution to SUID Problems
Next by Date: Re: [Full-Disclosure] [OMG] NSRG Security & Lorenzo Hernandez "SuckYouBeans" Garcia-Hierro
Previous by thread: Re: [Full-Disclosure] (no subject)
Next by thread: Re: [Full-Disclosure] (no subject)
Index(es):
- Date
- Thread