From: David Woolley (david_at_djwhome.demon.co.uk)
Date: Tue Apr 08 2003 - 14:45:32 PDT
> "The flaw is one of three reported to Seti@home by a Dutch security
One of the "flaws" is in there by design. He basically objects (like
many security consultants would) to the information used to provide
the statistics on machines and OSes on their web site. From what I've
seen on other newsgroups and lists, it's a fairly frequently asked
question as to how to stop a package from identifying its version, as
the security consultants have objected.
The other problem is real, although anyone in a position to exploit
it would also, for most people, be in a position to intercept their
outgoing email, and for most people, to get their payment details
(most people don't actually check that the HTTPS address they are
accessing is the one they intended to access).
This archive was generated by hypermail 2.1.6 : Tue Apr 08 2003 - 15:17:24 PDT