this cross-protocol HTTPS/FTP attack is really interesting http://bugs.proftpd.org/show_bug.cgi?id=4143#c0 … we may face a can of x-prot worms here
@hanno no, but the gist: it killed conns after too many bad commands, and the limit was just low enough to not allow exploitation with IE
@hanno but IIRC the author added an explicit "kill on HTTP verb" thing
@hanno ah, sorry, that was wrong. this is what he did to further mitigate: http://hg.dovecot.org/dovecot-2.2/rev/2589f9c5cc04 … - lowers limit to 3 invalid commands