[ale] OT: MS disabling features and changing old standards.
Jason Day
jasonday at worldnet.att.net
Sun Feb 15 14:15:55 EST 2004
On Sun, Feb 15, 2004 at 12:24:08PM -0500, Adrin wrote:
> Has anyone noticed that another
> recent update also took out http://username:password@www.website.com?
Yes, this is because of all the phishing scams which expoloit this.
This was posted to bugtraq a few weeks ago, more info is here:
http://support.microsoft.com/default.aspx?scid=kb;en-us;834489
It's also interesting to note that, despite the fact that many browsers
support this URL syntax, it's not valid according to the RFCs, as
pointed out in this message:
http://www.securityfocus.com/archive/1/352429/2004-01-29/2004-02-04/0
--
Jason Day jasonday at
http://jasonday.home.att.net worldnet dot att dot net
"Of course I'm paranoid, everyone is trying to kill me."
-- Weyoun-6, Star Trek: Deep Space 9
More information about the Ale
mailing list