Being safe on the internet (was Re: Here we go again - ISP DPI, but is it interception?)
Francis Davey
fjmd1a at gmail.com
Wed Aug 4 09:00:53 BST 2010
On 4 August 2010 08:57, Matthew Pemble <matthew at pemble.net> wrote:
>
>
> Or is the point that people are becoming confused between URL truncation and
> a "Directory Traversal Attack", using the well-known '/../' syntax (just the
> same as, at the time, appending '.' to a .php URL often gave you the script
> source rather than the product)? Although Peter's pdf doesn't make it clear
> although other contemporaneous sources
> (http://www.samizdata.net/blog/archives/008118.html) do mention the method.
>
Could be. I was careful not to comment on that particular case because
the details are so unclear. Peter's pdf is, as you say, short on
detail. Its the kind of thing that's easy to misreport I suspect.
--
Francis Davey
More information about the ukcrypto
mailing list