Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: More Internet Explorer zone confusion
From: dave () TECHNOPAGAN ORG (David E. Smith)
Date: Mon, 8 Mar 1999 09:06:23 +0000

On Fri, 5 Mar 1999, Jim Paris wrote about the Local Intranet Zone.

All the comments made are, technically, correct, but Microsoft could have
at least tried. None of these are foolproof, but they're a start.

* Be paranoid about entries in the hosts file. Arguably, hosts files are
obsolete, thanks to DNS. (No, I won't make the argument.)
* Warning dialog boxes for the above, and maybe for anything where the TLD
is guessed at. (The http://microsoft/ example. Just warn the user that the
requested site was guessed, give some sane options like `Go there, treat
it as Internet', `Go there, treat it as local', `Don't go there', and so
on.)
* Anything that doesn't resolve to a designated local zone (10.*.*.*, and
the other reserved addresses) gets the same warning.

Or, just change the default behaviour on all those to treat the site as
Internet rather than intranet. Probably easier that way, though a bit more
troublesome for the user, especially when we guess wrong.

Care to take bets on whether anything even remotely like this is ever
done?

...dave

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]