North American Network Operators Group
Date Prev | Date Next |
Date Index |
Thread Index |
Author Index |
Historical
Re: Latest IE patch breaking non username:password@encoded websites?
- From: Alexei Roudnev
- Date: Wed Feb 04 00:04:48 2004
So, instead of changing 'visialization' part of IE, MS give up and decided
to drop important piece of standard?
Ok, you can always show HOST name in URL, dim user name, and position
location so that you can see real host. You can show a warning, if user name
looks like real domain name (have . inside and have 2 - 4 chars in last
piece of name), etc etc...
>
> Herman Harless [2/3/2004 10:56 PM] :
> > We're starting to take complaints from folks who have installed the
> > latest IE patch about various broken website functionality. The
> > complaints are not related to folks trying to use the username:password@
> > functionality that was removed by the patch.
> >
> > Is anyone taking similar calls / seeing similar issues?
>
> Yup - that is a "feature" supposed to avoid credit card phish sites that
> try to spoof ebay with billing.ebay.com@some.evil.server/billing etc
>
> --
> srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
> manager, outblaze.com security and antispam operations
|
