story: capabilities in action

Tyler Close
Mon, 6 Mar 2000 17:37:56 -0500

> %-> > 1. Both Netscape and Explorer do not save pages
> delivered by HTTPS in
> %-> > the history cache. They are saved in the "in-memory"
> cache; however,
> %-> > this "in-memory" cache is cleared as soon as you
> close your browser
> %-> > window. This is an easy thing to test out for yourself.
> %->
> %-> Except when it core dumps
> Or when "IEXPLORE.EXE has generated an illegal instruction
> and will be shut
> down. A log file is being written." followed by fifteen
> minutes of intense
> disk-thrashing in Win2K. ;-)

Taking advantage of either of these requires access to the physical
machine and is therefore the same as the cache file exploit that I
mentioned. In all cases, my second point still holds.

I do however share your contempt for Windows. ;)


Do You Yahoo!?
Talk to your friends online with Yahoo! Messenger.