On Thu, Mar 19, 2009 at 12:29 AM, Ian Hickson <ian@hixie.ch> wrote:
> On Thu, 19 Mar 2009, Alexey Proskuryakov wrote:
>>
>> In fact, it seems very likely that even timing of preflight requests
>> makes port scans possible, but I don't have any data to support this
>> theory.
>
> Port scans are already possible with unscripted HTML using <img> elements
> and <meta http-equiv="refresh">, and are certainly already possible with
> <img> elements and onload=""/onerror="" events. We lost this particular
> battle a decade and a half ago when nobody was looking.

While I agree that there are other ways of doing this, I think I'd
have a really hard time selling a feature that explicitly allows port
scanning to our security team. Especially when there is an easy remedy.

/ Jonas

Received on Thursday, 19 March 2009 18:01:16 GMT