On Tue, 13 Apr 1999, Rabid Wombat wrote:
> [StupidShitDeleted]
> > >
> > > P.S Is it true that Internet Explorer 5 allows people, who are on the
> > > same web site as you to browse your hard drive?
> >
> > No. Too bad, isn't it?
> >
> > Gr. Arjan
> >
>
> Actually, there is an "undocumented feature" in Internet Expl0rwh0re 5
> that allows a web server to access a file on the client's hard drive, if
> the file name is known. Encryption key rings for common packages, data
> files for your Quicken software, etc. are at risk. If the attacker doesn't
> know the name of the data file, they can often pull in the ".ini" file for
> the package, and extract the file name/location from that file.
>
> Be very afraid. Or use BSD/Linux, rather than leaving your security to
> Micro$loth.
There are more risks similar to the one you described - and not only due
to undocumented features, but more due to structural deficiencies.
This also in accounts for Netscape, BTW.
As I recall correctly, the risks regarding encryption key rings are not
related to browser's vulnerabilities (but OTOH,... I might have missed
something...:-))
But to come back at the issue, I still don't know about a way to access
hard disks of my fellow surfers when I am surfing at www.whateversite.com
myself.
Gr. Arjan
----
Eat hard
Sleep hard
Wear glasses if you need them
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
