I don't see in what it would be hard to guess it. Bot admins should know
the difference between a website accessible from the Internet and a
website accessible from a local net: nothing.
More over, I don't think knowing the title of a page is that dangerous.
The only risk is if there is some kind
I don't see in what it would be hard to guess it. Bot admins should know
the difference between a website accessible from the Internet and a
website accessible from a local net: nothing.
More over, I don't think knowing the title of a page is that dangerous.
The only risk is if there is some kind
> There isn't warning about "Unix progstats" command giving out PID,
> username, ...
It doesn't need one. It sounds more likely that it would give out that
kind of thing from its name. That a plugin typically used to print the
of public web pages can be used to poke about the LAN isn't so
obvio
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
09.05.2012 15:17, Ralph Corderoy kirjoitti:
> Mika, I think I explained adequately above. There is no warning in
> the documentation for the plugin that enabling it opens up the LAN
> to interrogation in a way that may not be obvious to the
> administr
Mika, I think I explained adequately above. There is no warning in the
documentation for the plugin that enabling it opens up the LAN to
interrogation in a way that may not be obvious to the administrator
that's having a browse of the plugins and enabling a few here and there.
--
You received thi
How is this plugin dangerous by default? You can easily prevent everyone
from using web.title by running "defaultcapability remove web.title".
Also, the titlesnarfing isn't enabled by default.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to th
** Changed in: supybot (Ubuntu)
Status: New => Confirmed
--
supybot !web title leaks LAN HTTP servers to the channel
https://bugs.launchpad.net/bugs/234629
You received this bug notification because you are a member of Ubuntu
Bugs, which is a direct subscriber.
--
ubuntu-bugs mailing lis
Hi bascule, thanks for pointing out the regex but it's hard or
impossible to concoct one that stops LAN access. Blocking numeric IP
addresses isn't sufficient. I argee this plugin is dangerous by default
and yet nowhere in the documentation, or during selection of this
plugin, does it warn the u
you can add a non-snarfing regex to the title snarfer in supybot,
although not ideal, it offers a level of protection for a user. That
plugin is in some ways dangerous by default as it automatically connects
to any arbitary url that appears in a chan.
--
supybot !web title leaks LAN HTTP servers
** Visibility changed to: Public
--
supybot !web title leaks LAN HTTP servers to the channel
https://bugs.launchpad.net/bugs/234629
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
10 matches
Mail list logo