Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: Darren W. MacDonald (darrydoosympatico.ca)
Date: Wed Dec 05 2001 - 21:38:24 CST
Poor browsers, confused into thinking that this is Intranet traffic
because it's dotless... <sigh>
See MS KB Q306121 and MS Security Bulletin MS01-051 for details and a
patch for IE.
> -----Original Message-----
> From: maillist [mailto:maillistgo.ro]
> Sent: Wednesday, December 05, 2001 1:25 PM
> To: vuln-devsecurityfocus.com
> Subject: Re: Proxy bypass in Opera : security related ?
> I don't know if that's a problem caused only by Opera, I found that
> surfing with IE (6.0) too.
> Trying to acces diffrent web pages, some of them listed my real IP
> insted of proxy address.
> (e.g. trying to make an account at www.ifriends.com).
> It might be a 'bug' in Opera/IE or a 'high security' web page.
> ----- Original Message -----
> From: "Nicolas Gregoire" <ngregoireexaprobe.com>
> To: <vuln-devsecurityfocus.com>
> Sent: Wednesday, December 05, 2001 11:22 AM
> Subject: Proxy bypass in Opera : security related ?
> > Hi,
> > while I was trying to bypass some URL filtering software using
> formated URLs, I found a problem
> > in the Opera browser.
> > This bug was reported to Opera via their bug notification form, but
> haven't receive any response so far.
> > Details :
> > ======
> > When the URL http://3638218280/ is requested, Opera will try to
> page located at
> > http://22.214.171.124/ (normal DWord to IP address conversion )
> *without* using the configured
> > proxy settings.
> > Scenario :
> > =========
> > I haven't any really interesting scenario for this bug.
> > Yes, it's possible to make a user follow a link and get a page
> using the configured proxy, but if,
> > in a company, there's a proxy and a way to fetch web pages without
> the proxy, the problem is,
> > in my opinion, a security policy problem ....
> > Does anybody see any security implication for this bug ?
> > Nicolas Grégoire 
> >  : http://www.fichtner.net/tools/ip2dword/
> >  : Please excuse my poor english