I was checking out Steve Gibson's website looking for new updates on his site, and I tried the "browser header" feature. To my surprise, the header information contained the usual information, plus an MS IE6 patch number that I have recently applied!
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; Q312461) Why in the world does MS want the web servers of the world to know if the browser is patched or not ??? I believe this is a great security risk which would allow hacker's websites or a spammer/social engineer sending html email to know the level of patching on the user's machine, and then hack accordingly. I have only noticed this browser header behavior after I applied the latest IE6 cumulative patch Q312461. For Steve Gibson's browser header check, goto: http://nanoprobe.grc.com/x/ne.dll?qg0diq1u ----------- Omar Koudsi IT Architect Network Security Center Special Systems Company http://security.sscjo.com [EMAIL PROTECTED] Tel: (9626) 5664221 Fax: (9626) 5681557
