Nathan (gemsling) wrote,

Again on the Microsoft thing

One of the vulnerabilities corrected by the update I mentioned in the last post is the one where someone can alter what is displayed in the address bar, such that you think you are using http://www.westpac.com.au, but you are actually using a password-capturing site at http://www.westpac.com.au:blah@actual.domain.example

Microsoft has now disabled the use of basic auth within URLs, i.e. http://username:password@example.com

Good one! Now, it probably will help avoid some problems and it's not like there's a great need for such URLs anyway, but... I just can't help but think Microsoft is saying "look, we can't be sure how many more problems are going to surface in this software, so let's just cripple it a bit so that undiscovered vulnerabilities can't be exploited so easily".
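
How the URLs above actually parse, as an added example that is not part of the original post: everything before the "@" in the authority is credentials, and only what follows it is the host contacted. The function name, verdict strings and the "looks like a hostname" heuristic are assumptions of this example; the sample URLs are the ones quoted in the post.

```javascript
// Added example (not from the original post): flag URLs whose userinfo
// part could be mistaken for the site being visited.

// Assumption of this example: "looks like a hostname" means dot-separated
// labels ending in an alphabetic TLD.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// Userinfo is percent-encoded by the parser; decode defensively because
// a stray "%" makes decodeURIComponent throw.
function safeDecode(s) {
  try {
    return decodeURIComponent(s);
  } catch (e) {
    return s;
  }
}

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { valid: false, verdict: "unparseable" };
  }
  const username = safeDecode(url.username);
  const hasUserinfo = url.username !== "" || url.password !== "";
  let verdict = "no-userinfo";
  if (hasUserinfo) {
    verdict = HOSTLIKE.test(username) ? "userinfo-resembles-host" : "userinfo-present";
  }
  // hostname is what the browser actually connects to; everything before
  // the "@" in the authority is only credentials.
  return { valid: true, hostname: url.hostname, username, hasUserinfo, verdict };
}

// URLs quoted in the post.
const samples = [
  "http://www.westpac.com.au",
  "http://www.westpac.com.au:blah@actual.domain.example",
  "http://username:password@example.com",
];
for (const s of samples) {
  const r = inspectUrl(s);
  console.log(`${s}\n  connects to: ${r.hostname}  verdict: ${r.verdict}`);
}
```
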