Full Disclosure mailing list archives

Re: Security Hole in HTTP (RFC1945) - Browser-Spoofing
From: Szilveszter Adam <adam () hif hu>
Date: Thu, 01 Apr 2004 08:36:24 +0200

Ron Stiemer wrote:

> Hi List,
>
> can anybody confirm this, or is it just an April Fool's joke?

Yes, I can confirm this. After all, I have been "on air" with such a spoofed browser authentication :-) string for years now, making website statistics software cry and webmasters scratch their heads. (FWIW, they are probably talking about the User-Agent header.) If my UA string is to be believed, I have already moved to a 256-bit OS just in case. And yes, this was used in the past to get access to websites like the moronic "only IE allowed here" that were popular a few years ago.

And yes, heise always puts out a joke article (at least one) on April 1st along with c't. Sometimes it is rather hard to find it, because the contents look plausible enough at first sight and they even spoof literature listings for it :-) So watch out today.

Regards:
Sz.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

