Nice one :) You decide what you keep in the URL. The use case of Google Maps, when you're scrolling a map and you want to share a location with your friend, is not vulnerable, right? Now it's easier
This can be instantly disregarded because Steve Gibson is a charlatan. He's got a history of getting things wrong as loudly as possible in order to generate reputation. http://attrition.org/errata/charlatan/steve_gibson/
It seems to be one of the immutable laws of the internet that whenever there is a discussion of anything related to Steve Gibson someone will invariably post the link to that attrition.org site.
If I may disregard the entire ad hominem part and instead focus on the people posting the link, I must wonder how many have actually read what the site says about Steve Gibson and given some thought to what it might mean.
It records a dozen or so issues over the last 17 years. He has been doing the Security Now podcast since summer of 2005. That is a two hour podcast, 50 episodes a year for twelve years. That is 1200 hours of content. That is like 40 books' worth. Then there is also the columns he has written and so on. 40 books attempting to explain security issues to a wider audience with only a dozen errors seems an amazingly low error rate to me.
If you also look at what sort of errors are reported you see that some of them seem to be more errors of degree, rather than kind. He seems to have a tendency to blow things out of proportion; for hyperbole. But if hyperbole is such a deadly sin, why is their go-to reference for Steve Gibson errors The Register?!?
Now I'm sure Steve Gibson has made more mistakes than those, and that he holds silly opinions on some things. Everyone does. But that attrition.org page does not seem to convince me of anything aside from making me lower my esteem for the attrition.org site.
I do wish that rather than this sort of utterly lame ad hominem attack, proposals were judged on their own merit, but this is the internet, so maybe I shouldn't hope for too much.
I wrote an almost identical comment to yours last time there was some discussion about SQRL and Steve and someone mentioned the same thing (your comment is more complete).
I think people have just bookmarked that page and copy-paste it as soon as someone mentions him.
Let it go people. He and Leo have done a wonderful service with Security Now for the community for more than a decade. The quality of his content is better than what you can find in many universities and it's available to everyone for free.
Can we have any of you go on public record every week for 12 years and see how you do?
Really unnecessary and undeserved personal attacks ... it gets old.
Which has the basic premise of "if you run a device completely controlled by your company, somehow Firefox will magically have special code integrity that IE doesn't".
They're bits. SYN can be represented as 0x02, ACK can be represented as 0x10. 0x02 BITWISE-OR 0x10, i.e. SYN BITWISE-OR ACK or 'SYN-ACK' colloquially, is 0x12.
Those are just flags, the message contains much more than the flag. Therefore it is wrong to say that they just send the flags and that the flags are equivalent to SYN and ACK.
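As an added example (not code from any commenter in this thread), the following Python builds and parses the fixed 20-byte TCP header so the two points above can be seen side by side: the flags are single bits in one byte (SYN 0x02 OR ACK 0x10 gives 0x12), and that byte sits among ports, sequence and acknowledgement numbers, window and checksum, so a "SYN-ACK" is a whole segment, not just a flag value. The sample segment, port numbers, sequence numbers and the zeroed checksum are all constructed for illustration.

```python
import struct

# Flag bits of the TCP flags byte, low bit first (FIN) to high bit (CWR).
TCP_FLAGS = {
    "FIN": 0x01,
    "SYN": 0x02,
    "RST": 0x04,
    "PSH": 0x08,
    "ACK": 0x10,
    "URG": 0x20,
    "ECE": 0x40,
    "CWR": 0x80,
}

# Fixed TCP header layout, network byte order:
# src port(2) dst port(2) seq(4) ack(4) offset/reserved(1) flags(1)
# window(2) checksum(2) urgent pointer(2)
TCP_HEADER_FMT = "!HHIIBBHHH"
TCP_HEADER_LEN = struct.calcsize(TCP_HEADER_FMT)  # 20 bytes


def flags_to_names(flags):
    """Return the names of the flag bits set in a flags byte, e.g. 0x12 -> ['SYN', 'ACK']."""
    return [name for name, bit in TCP_FLAGS.items() if flags & bit]


def build_tcp_header(src_port, dst_port, seq, ack, flags, window=65535):
    """Build a 20-byte TCP header with no options (data offset = 5 words).

    The checksum is left as 0 here: it depends on the IP pseudo-header,
    which this constructed example does not model.
    """
    data_offset = 5 << 4  # header length in 32-bit words, in the high nibble
    return struct.pack(TCP_HEADER_FMT, src_port, dst_port, seq, ack,
                       data_offset, flags, window, 0, 0)


def parse_tcp_header(segment):
    """Parse the fixed part of a TCP header into its fields."""
    if len(segment) < TCP_HEADER_LEN:
        raise ValueError("segment shorter than the minimum TCP header")
    (src_port, dst_port, seq, ack, off_res, flags,
     window, checksum, urgent) = struct.unpack(TCP_HEADER_FMT, segment[:TCP_HEADER_LEN])
    return {
        "src_port": src_port,
        "dst_port": dst_port,
        "seq": seq,
        "ack": ack,
        "data_offset": (off_res >> 4) * 4,  # header length in bytes, options included
        "flags": flags,
        "flag_names": flags_to_names(flags),
        "window": window,
        "checksum": checksum,
        "urgent": urgent,
    }


# Constructed sample: the second step of a handshake as a server on port 443
# might send it. Values are made up for the example.
SYN_ACK = TCP_FLAGS["SYN"] | TCP_FLAGS["ACK"]  # 0x02 | 0x10 == 0x12
SAMPLE_SYN_ACK = build_tcp_header(443, 51234, 0x11223344, 0x55667788, SYN_ACK)

if __name__ == "__main__":
    fields = parse_tcp_header(SAMPLE_SYN_ACK)
    print(f"flags byte 0x{fields['flags']:02x} -> {fields['flag_names']}")
    print(f"header is {TCP_HEADER_LEN} bytes; flags occupy 1 of them")
    print(fields)
```

Running it shows the flags byte decoding to `['SYN', 'ACK']` while the parsed dict still carries ports, sequence and acknowledgement numbers and the rest of the 20-byte header around it.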