Tuesday, May 6, 2008

Fun with Microsoft Live! Mail...

I love my job... my day-job I mean. I've been traveling all over God's creation demonstrating to people that the web applications they have are hopelessly vulnerable to all sorts of exploits. Once the shock wears off, and the people who fainted have been given the smelling salts and are awake again - it's then time to offer up strategies and methods for fixing this situation.

I was doing a demo the other day and someone asked me why in the world they would want to validate header variables such as "user-agent". I quickly went to the registry, modified my browser settings (this is IE) as so:





I then went to Windows Live! Hotmail just to demonstrate a point. Immediately, my browser had a bit of an issue, as Microsoft reported...

Oh neat....

If I change my "Platform" back to something Microsoft is aware of... everything looks fine again. Point made.
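The same point from the server side, as an added example that is not part of the original post or of any Microsoft code: treat User-Agent as untrusted input, validate it, and fall back to a default when the platform is not one the application knows. The function names, the character allow-list, the length limit and the layout table are all assumptions made for the illustration.

```python
import re

MAX_UA_LENGTH = 512  # assumed limit for this example
# Assumed allow-list: letters, digits and common User-Agent punctuation only.
# fullmatch() is used so a trailing newline cannot slip past the check.
SAFE_UA = re.compile(r"[A-Za-z0-9 .,;:/()_+\-]*")
# Hypothetical table of platforms this application has a layout for.
LAYOUTS = {"Windows NT": "desktop-ie", "Macintosh": "desktop-mac",
           "Linux": "desktop-generic"}
DEFAULT_LAYOUT = "basic-html"


def classify_user_agent(raw):
    """Return (platform, sanitized_ua). Never raises on hostile input."""
    if raw is None or len(raw) > MAX_UA_LENGTH or not SAFE_UA.fullmatch(raw):
        # Do not echo or store a header that fails validation.
        return ("unknown", "")
    # Platform details sit inside the first parenthesised comment.
    m = re.search(r"\(([^()]*)\)", raw)
    tokens = [t.strip() for t in m.group(1).split(";")] if m else []
    for token in tokens:
        for known in LAYOUTS:
            if token.startswith(known):
                return (known, raw)
    return ("unknown", raw)


def layout_for(raw):
    """Pick a layout; an unrecognised platform gets the default, not an error."""
    platform, _ = classify_user_agent(raw)
    return LAYOUTS.get(platform, DEFAULT_LAYOUT)


if __name__ == "__main__":
    # Constructed sample headers, not captured traffic.
    samples = [
        "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)",
        "Mozilla/4.0 (compatible; MSIE 7.0; NotARealPlatform 1.0)",
        "Mozilla/4.0 (compatible; MSIE 7.0; <b>x</b>)",
        "Mozilla/4.0 (compatible)\r\nX-Extra: 1",
        None,
    ]
    for s in samples:
        print(repr(s), "->", classify_user_agent(s)[0], layout_for(s))
```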
