(none) [httpd finding your identity]

Scott Brickner sjb at universe.digex.net
Mon Jan 15 14:05:17 PST 1996


Jeff Weinstein writes:
>The snoop program is using FTP to find out the user's e-mail
>address.  The image on the page is an ftp: URL.  Our FTP code
>was sending the user's e-mail address as the password for
>anonymous FTP, which is usually requested by FTP sites.
>The perl script was waiting for the FTP to happen, and then
>looking at its log to figure out the email address.
>
>  I've removed the code that uses the e-mail address as the
>FTP password for anonymous FTPs.  You can still enter it by
>hand by using a URL of this form 'ftp://anonymous@ftp.netscape.com'.
>This will cause the navigator to prompt the user for the 
>password to send for anonymous.  This is a little-known feature
>that will also allow users to access non-anonymous ftp
>accounts via netscape.

Or you can use 'ftp://anonymous:password@ftp.netscape.com/', and
skip the prompt.  Not really less secure (assuming you can prevent
shoulder surfers) as FTP sends the password in the clear, anyway.
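
An added illustration, not part of either message and not Netscape's code: a page audit that flags ftp: URLs a browser fetches without a click (the image trick described above) and classifies each one by the URL forms discussed in the thread. The tag list, function names and sample HTML are assumptions constructed for this example.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: tag/attribute pairs treated as auto-loaded subresources.
AUTO_LOAD = {("img", "src"), ("script", "src"), ("iframe", "src"),
             ("embed", "src"), ("link", "href"), ("body", "background")}

def classify(url):
    """Say how an ftp: URL supplies login data; None for any other scheme."""
    parts = urlsplit(url)
    if parts.scheme.lower() != "ftp":
        return None
    if parts.username is None:
        return "implicit-login"       # ftp://host/ : client picks the password
    if parts.password is None:
        return "prompt-for-password"  # ftp://user@host/ : user is asked
    return "password-in-url"          # ftp://user:pass@host/ : no prompt

class FtpSubresourceAudit(HTMLParser):
    """Collect (tag, host, kind) for every auto-loaded ftp: reference."""
    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and (tag, name) in AUTO_LOAD:
                url = value.strip()
                kind = classify(url)
                if kind:
                    # The password itself is never copied into the report.
                    self.findings.append((tag, urlsplit(url).hostname, kind))

def audit(html):
    parser = FtpSubresourceAudit()
    parser.feed(html)
    parser.close()
    return parser.findings

# Constructed sample page; hosts are placeholders.
SAMPLE = """
<img src="ftp://ftp.example.net/pixel.gif">
<a href="ftp://ftp.example.net/pub/">mirror</a>
<img src="ftp://anonymous@ftp.example.net/a.gif">
<iframe src="ftp://anonymous:guest@ftp.example.net/"></iframe>
<img src="http://www.example.net/logo.gif">
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The plain link is not reported because it is only followed on a click; the three auto-loaded ftp: references are.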





