Nathan (gemsling) wrote,

Again on the Microsoft thing

One of the vulnerabilities corrected by the update I mentioned in the last post is the one where someone can alter what is displayed in the address bar, such that you think you are using, but you are actually using password capturing site

Microsoft has now disabled the use of basic auth within URLs, i.e.:

Good one! Now, it probably will help avoid some problems and it's not like there's a great need for such URLs anyway, but... I just can't help but think Microsoft is saying "look, we can't be sure how many more problems are going to surface in this software, so let's just cripple it a bit so that undiscovered vulnerabilities can't be exploited so easily".
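
As an added example (not part of the original post): a small JavaScript check that reports which host a URL really points to when it carries a `user:password@` part, and flags the case where the user part itself looks like a host name. The function names and every sample URL are constructed for illustration.

```javascript
// Added example, not from the original post. All URLs are constructed samples.
// A URL may carry credentials before the host: scheme://user:password@host/path
// Only the part after the "@" decides which server is contacted.

const HOSTLIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

function inspectUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch (err) {
    // Unparseable input: report it as invalid rather than guessing
    return { raw, valid: false, hasUserinfo: false, host: null, userLooksLikeHost: false };
  }
  const hasUserinfo = u.username !== "" || u.password !== "";
  return {
    raw,
    valid: true,
    hasUserinfo,
    host: u.hostname, // the server actually contacted
    // A user part shaped like a host name is the misleading case
    userLooksLikeHost: hasUserinfo && HOSTLIKE.test(u.username),
  };
}

// Policy in the spirit of the change described above:
// refuse any http(s) URL that carries a userinfo part.
function rejectedUrls(urls) {
  return urls
    .map(inspectUrl)
    .filter((r) => r.valid && r.hasUserinfo && /^https?:/i.test(r.raw))
    .map((r) => r.raw);
}

// Constructed sample input
const samples = [
  "https://www.example.com/account",
  "http://www.example.com@login.example.net/signin",
  "ftp://alice:secret@files.example.org/pub",
  "not a url",
];

for (const r of samples.map(inspectUrl)) {
  console.log(`${r.raw} -> host=${r.host} userinfo=${r.hasUserinfo} hostlike=${r.userLooksLikeHost}`);
}
```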
