[67183] in North American Network Operators' Group
Re: Latest IE patch breaking non username:password@encoded websites?
daemon@ATHENA.MIT.EDU (Alexei Roudnev)
Wed Feb 4 00:01:25 2004
From: "Alexei Roudnev" <alex@relcom.net>
To: "Suresh Ramasubramanian" <suresh@outblaze.com>,
"Herman Harless" <herman@ntelos.net>
Cc: "nanog" <nanog@merit.edu>
Date: Tue, 3 Feb 2004 20:59:32 -0800
Errors-To: owner-nanog-outgoing@merit.edu
So, instead of changing the 'visualization' part of IE, MS gave up and decided
to drop an important piece of the standard?
OK, you can always show the HOST name in the URL, dim the user name, and position
the location so that you can see the real host. You can show a warning if the user name
looks like a real domain name (has a . inside and has 2 - 4 chars in the last
piece of the name), etc. etc...
>
> Herman Harless [2/3/2004 10:56 PM] :
> > We're starting to take complaints from folks who have installed the
> > latest IE patch about various broken website functionality. The
> > complaints are not related to folks trying to use the username:password@
> > functionality that was removed by the patch.
> >
> > Is anyone taking similar calls / seeing similar issues?
>
> Yup - that is a "feature" supposed to avoid credit card phish sites that
> try to spoof ebay with billing.ebay.com@some.evil.server/billing etc
>
> --
> srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
> manager, outblaze.com security and antispam operations
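
The warning heuristic described in the message above (a user name that contains a dot and whose last piece is 2 to 4 characters), together with showing the real host separately, as an added example that is not part of the original thread. The function names, the `http://` scheme added to the quoted URL, and the letters-only restriction on the last piece are assumptions.

```javascript
// Added example; function and field names are assumptions, not from the thread.

// "Looks like a real domain name": contains a dot and the last piece is
// 2 to 4 characters. Restricting that piece to letters is an added assumption.
function looksLikeDomain(name) {
  const labels = name.toLowerCase().split(".");
  if (labels.length < 2 || labels.some((l) => l.length === 0)) return false;
  return /^[a-z]{2,4}$/.test(labels[labels.length - 1]);
}

// Split a URL into the real host and the userinfo, and decide whether to warn.
function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { valid: false, host: null, user: null, warn: false };
  }
  let user = url.username;
  try {
    user = decodeURIComponent(user); // undo percent-encoding before checking
  } catch (e) {
    // malformed escape: fall back to the encoded form
  }
  return {
    valid: true,
    host: url.hostname, // what the browser will actually connect to
    user: user === "" ? null : user,
    warn: user !== "" && looksLikeDomain(user),
  };
}

// Constructed samples; the first is the URL quoted in the thread with an
// http:// scheme added.
const samples = [
  "http://billing.ebay.com@some.evil.server/billing",
  "http://alice:secret@intranet.example/files",
  "http://intranet.example/",
  "not a url",
];
for (const s of samples) {
  const r = inspectUrl(s);
  const shown = r.valid ? `host=${r.host} user=${r.user}` : "unparseable";
  console.log(`${r.warn ? "WARN" : "ok  "} ${shown}  <- ${s}`);
}
```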