Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: Microsoft Faces Angry IE Users' Questions
From: "Eric Paynter" <eric () arcticbears com>
Date: Sat, 10 Jul 2004 21:58:39 -0700 (PDT)

On Sat, July 10, 2004 7:00 pm, Nick FitzGerald said:
You need look no further back than the
kerfuffle a couple of months ago over the removal of IE's patently
incorrect support for "user:pwd@" userid data in http URIs for an
example, but there are many other, earlier examples.

I'm a little confused by what you mean here. The "user:pwd@" prefix is a
part of the URI standard documented in the RFC. As far as I can tell, the
patently incorrect part is that they removed it and thus made the browser
(even more) lacking in standards support. It's a simple example of how MS
solves problems:

1. Fix the feature that is vulnerable
2. Disable the feature that is vulnerable

Lately, they just disable the feature. At this rate, pretty soon, Windows
won't do much.


arctic bears - affordable email and name services @yourdomain.com

Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]