|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Subject: Re: "Strip Script Tags" in FW-1 can be circumvented
From: Arne Vidstrom (arne.vidstrom
NTSECURITY.NU)Date: Tue Feb 01 2000 - 12:19:25 CST
- Next message: Miles Sabin: "Re: "Strip Script Tags" in FW-1 can be circumvented"
- Previous message: Aleph One: "[Debian] New version of apcd released"
- Maybe in reply to: Arne Vidstrom: ""Strip Script Tags" in FW-1 can be circumvented"
- Next in thread: Miles Sabin: "Re: "Strip Script Tags" in FW-1 can be circumvented"
- Maybe reply: Arne Vidstrom: "Re: "Strip Script Tags" in FW-1 can be circumvented"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
The reason to strip script tags would be to protect users from hostile code
which the browsers can't handle themselves. Adding this feature to a
firewall at all, but not making it work properly in all cases (probably a
hopeless task anyway...) makes a false sense of security, which often is
worse than no security at all.
/Arne Vidstrom
> To: BugTraq
> Subject: Re: "Strip Script Tags" in FW-1 can be circumvented
> Date: Mon Jan 31 2000 00:28:29
> Author: Jonah Kowall
>
> I don't consider this a bug in FW-1, but a bug in the products
> navigator, and internet explorer. These tags shouldn't be parsed, because
> they are malformed. The firewall is stripping tags properly, but since
> these tags are malformed you can't expect the firewall to be able to
> recognize them as valid tags.
- Next message: Miles Sabin: "Re: "Strip Script Tags" in FW-1 can be circumvented"
- Previous message: Aleph One: "[Debian] New version of apcd released"
- Maybe in reply to: Arne Vidstrom: ""Strip Script Tags" in FW-1 can be circumvented"
- Next in thread: Miles Sabin: "Re: "Strip Script Tags" in FW-1 can be circumvented"
- Maybe reply: Arne Vidstrom: "Re: "Strip Script Tags" in FW-1 can be circumvented"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]