Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Re: phpBB 2.0.17 (and other BB systems as well).
From: Valdis.Kletnieks () vt edu
Date: Wed, 26 Oct 2005 02:45:17 -0400

On Wed, 26 Oct 2005 00:18:23 CDT, Matthew Murphy said:

It is unclear to me if this is an SP2-only issue.  If it is, it can be
effectively mitigated by setting "Open files by content, not file
extension" to "Disable".  At the very least, Microsoft should turn off
this disastrous mistake of a "feature" in XP SP3.  Perhaps sooner...
like in the next IE critical update.

Never happen.  There's probably *so* many sites that are coded for this
specific "sometimes by content, sometimes by MIME type sent by web server,
sometimes by extension" dain bramage that Microsoft actually *fixing* this
would finally be the event that will cause the customers to rise up and
storm Microsoft HQ with torches and pitchforks.

And Microsoft *knows* they'd be under attack, which is why they haven't fixed it.

I'm not sure they can even fix this in Vista - they're going to have *enough*
backward-combatability problems slowing down corporate uptake of Vista as it
is, the last thing they need is adding to it. (Of course, an equal number of
sites won't upgrade to Vista if it ships and this stuff is *still* not fixed,
so Microsoft is caught between a rock and a hard place....)

Attachment: _bin

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]