[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: [NTSEC] ActiveX, MSIE and Quicken
From:       Bob Beck <beck () obtuse ! com>
Date:       1997-02-01 23:56:15
[Download RAW message or body]

> To try and keep this on a Firewalls vein. The tunneling of anything over
> HTTP is, in my opinion, the crappy technology. That goes for Java
> applets or certificate authentication for that matter. I don't like the
> idea of combining diverse tasks within a single channel if its possible
> to avoid it, and it is possible, so the only reason its not being done
> is to USURP FIREWALLS.

	Perhaps if you're using only a packet filter yes, but
hopefully on a real firewall you're proxying your http, and there's
nothing at all to "USURP". You recognize it, and deal with it in the
proxy.
	
	Notwithstanding that, doing embedded "stuff" like this is
normal, and doing evil with it is a lot older than http:

----------------------
oldvax%mail bigluser@sucker.org
Subject: Hey Dude, Try this neat new script out..
#!/bin/sh
[ insert hack here - trojan .login to mail me their password next time]
[ etc. etc. ]  

[prev in list] [next in list] [prev in thread] [next in thread]