Latest IE patch breaking non username:password at encoded websites?
Alexei Roudnev
alex at relcom.net
Wed Feb 4 04:59:32 UTC 2004
So, instead of changing 'visialization' part of IE, MS give up and decided
to drop important piece of standard?
Ok, you can always show HOST name in URL, dim user name, and position
location so that you can see real host. You can show a warning, if user name
looks like real domain name (have . inside and have 2 - 4 chars in last
piece of name), etc etc...
>
> Herman Harless [2/3/2004 10:56 PM] :
> > We're starting to take complaints from folks who have installed the
> > latest IE patch about various broken website functionality. The
> > complaints are not related to folks trying to use the username:password@
> > functionality that was removed by the patch.
> >
> > Is anyone taking similar calls / seeing similar issues?
>
> Yup - that is a "feature" supposed to avoid credit card phish sites that
> try to spoof ebay with billing.ebay.com at some.evil.server/billing etc
>
> --
> srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
> manager, outblaze.com security and antispam operations
More information about the NANOG
mailing list