On Sat, 06 Dec 2003 11:00:35 +1300, Nick FitzGerald <nick@virus-l.demon.co.uk> said:
> Indeed -- this is a classic exploit of a classic case of several
> _really, really BAD_ design decisions.
Mea culpa. Ignore my previous posting.
I thought you were flaming the guys at visa.com, when most of the blame goes to
the crackheads who desighed the HTTP URI format and the crackheads at MS who
implemented it. ;)
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
This archive was generated by hypermail 2.1.8 : Fri Dec 05 2003 - 22:01:00 CST
