[ale] Mozilla strangeness
Geoffrey
esoteric at 3times25.net
Wed Oct 27 15:27:44 EDT 2004
James P. Kinney III wrote:
> On Wed, 2004-10-27 at 09:15, Geoffrey wrote:
>
>> James P. Kinney III wrote:
>>
>>
>>> Currently the calendar access is through a basic .htaccess form
>>> that involves sending username and password. I have not checked
>>> to see if the data is cached past a closing of the app yet.
>>
>> Then you should know that the password is passed in plai text when
>> accessing it via the web anyway.
>
>
> Yep. I was seeing as an office exploit (Fred goes to lunch and evil
> Joe types access:config and gets his calendar and password. Then goes
> in and "reschedules" some important meetings so evil Joe looks good
> and Fred get fired).
Fred's an idiot for leaving his box unprotected.
--
Until later, Geoffrey
More information about the Ale
mailing list