[67147] in North American Network Operators' Group
Re: Latest IE patch breaking non username:password@encoded websites?
daemon@ATHENA.MIT.EDU (Suresh Ramasubramanian)
Tue Feb 3 12:52:05 2004
Date: Tue, 03 Feb 2004 23:10:08 +0530
From: Suresh Ramasubramanian <suresh@outblaze.com>
To: Herman Harless <herman@ntelos.net>
Cc: nanog <nanog@merit.edu>
In-Reply-To: <1075829209.29062.44.camel@herman>
Errors-To: owner-nanog-outgoing@merit.edu
Herman Harless [2/3/2004 10:56 PM] :
> We're starting to take complaints from folks who have installed the
> latest IE patch about various broken website functionality. The
> complaints are not related to folks trying to use the username:password@
> functionality that was removed by the patch.
>
> Is anyone taking similar calls / seeing similar issues?
Yup - that is a "feature" supposed to avoid credit card phish sites that
try to spoof ebay with billing.ebay.com@some.evil.server/billing etc
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
