Full Disclosure mailing list archives
RE:IE
From: John Dowling <greyhatthe2nd () yahoo com>
Date: Tue, 20 Jul 2004 13:34:27 -0700 (PDT)
Not to return to the original post or anything, but was anyone able to identify the registry keys that will sucessfully modify the user-agent string? There seem to be many keys other than HKLM>software>MS>windows>current_version>internet_settings And the key at HKLM>software>MS>windows>current_version>internet_settings>user_agent>post_platform does not contain information other than what is available via group policy (is this key even available to xp home users?)
The real solution is to use a browser with no
known vulnerability (and
that's better if it didn't have a lot in the past),
not to try to hide
what you are using.
Full Disclosure. I believe in it.
While I do agree that exploitation redirects based on
user-agent proliferate, there are far more
functionality-based redirects, and [opinion] I believe
that masking a user-agent would result in a diminished
browsing experience inproportionate to the amount of
protection added.
/jd
__________________________________
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: IE, (continued)
- Re: IE Cory Crawford (Jul 20)
- Re: IE Valdis . Kletnieks (Jul 20)
- Re: IE Full-Disclosure (Jul 20)
- Threat Models (was Re: IE Valdis . Kletnieks (Jul 20)
- Re: IE now on-topic Andrew Latham (Jul 20)
- Motivations... (was Re: IE now on-topic Valdis . Kletnieks (Jul 20)
- Re: Motivations... (was IE now on-topic Andrew Latham (Jul 20)
- Re: Motivations... of White Hats VX Dude (Jul 21)
- Re: IE Valdis . Kletnieks (Jul 20)
- Re: IE Syke (Jul 21)