Comment Surely the reason is obvious? (Score 1) 769
Would
Would
It's difficult to say from the information provided, but it sounds like someone just rediscovered XML entity attacks (as I did a few years ago). Assuming it is the same thing, here are some references from 2002 and 2006 with more details:
http://www.securiteam.com/securitynews/6D0100A5PU.html
http://www.sift.com.au/assets/downloads/SIFT-XML-Port-Scanning-v1-00.pdf
I've used these attacks in real-world tests and they are still surprisingly effective - just not new.
> including styles, theming, remote access, config databases, scalability, and GUI scripting.
Styles - not unless you count colour schemes which were available on platforms like win3.1 already.
Theming - not at all
Remote Access - only the basics that X11 provided for it.
Config Databases - nothing beyond Xt resources which were a pretty much failed implementation from the start.
Scalability - don't make me laugh.
GUI Scripting - did you ever try tooltalk?
CDE was a poor implementation of existing ideas and brought nothing new to the table.
You knew the job was dangerous when you took it, Fred. -- Superchicken