mailing list archives
Re: Re: phpBB 2.0.17 (and other BB systems as well).
From: Valdis.Kletnieks () vt edu
Date: Wed, 26 Oct 2005 02:45:17 -0400
On Wed, 26 Oct 2005 00:18:23 CDT, Matthew Murphy said:
It is unclear to me if this is an SP2-only issue. If it is, it can be
effectively mitigated by setting "Open files by content, not file
extension" to "Disable". At the very least, Microsoft should turn off
this disastrous mistake of a "feature" in XP SP3. Perhaps sooner...
like in the next IE critical update.
Never happen. There's probably *so* many sites that are coded for this
specific "sometimes by content, sometimes by MIME type sent by web server,
sometimes by extension" dain bramage that Microsoft actually *fixing* this
would finally be the event that will cause the customers to rise up and
storm Microsoft HQ with torches and pitchforks.
And Microsoft *knows* they'd be under attack, which is why they haven't fixed it.
I'm not sure they can even fix this in Vista - they're going to have *enough*
backward-combatability problems slowing down corporate uptake of Vista as it
is, the last thing they need is adding to it. (Of course, an equal number of
sites won't upgrade to Vista if it ships and this stuff is *still* not fixed,
so Microsoft is caught between a rock and a hard place....)
Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia - http://secunia.com/
Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Nicob (Oct 27)
Re: phpBB 2.0.17 (and other BB systems as well) Cookie disclosure exploit. Paul Laudanski (Oct 29)