Full Disclosure mailing list archives
Re: Apparently the practice was prevalent
From: Mattias Ahnberg <mattias () ahnberg pp se>
Date: Tue, 10 Feb 2004 11:32:46 +0100
"ST" == Scott Taylor <security () 303underground com> writes:
ST> Wouldn't it make sense to accept user@pass, but NOT DISPLAY IT on the
ST> address bar? so even if someone clicks on a shady link, they don't see
ST> http://www.visa.com () crooks com, they only see http://crooks.com on their
ST> address bar? And with all those miserable encoded characters translated
ST> back to plaintext too. Yeah I know. silly idea. Just too bloody obvious
ST> I guess.

Now that they have implemented this behavior and have made it into a de facto standard I too agree that it is just silly to suddenly remove it due to other wrongdoings in the browser. I do however agree that it is a problem that could help people to be more easily fooled than normally.

But if so, why not just make it alert the user that something might be fishy? As someone else suggested, change the color in the URL of the user:pass part into something else, light an icon to warn the user of it or even (*shiver*) have it pop up a warning notice.

I think that all of those would be better than just all of a sudden disabling a feature that people are actually using for a lot of live purposes.

/ahnberg.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
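Added example, not part of the original message or of any browser's code: a sketch of the check both posters describe, which finds the userinfo part of a URL, reports the host the request really goes to, and builds the address a bar could show with credentials removed and encoded characters decoded. The function name `inspectUrl`, its result fields and the host-like heuristic are assumptions made for illustration; the sample URLs are constructed.

```javascript
// Heuristic (assumption): userinfo containing something shaped like a DNS
// name, e.g. "www.visa.com", is what makes the link misleading.
const HOSTLIKE = /(?:[a-z0-9-]+\.)+[a-z]{2,}/i;

// Percent-decode for display; fall back to the raw text on bad escapes.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw); // WHATWG parser: splits userinfo from host
  } catch {
    return { valid: false, raw };
  }
  const user = safeDecode(url.username);
  const hasUserinfo = url.username !== "" || url.password !== "";

  // Rebuild the address without credentials: what the bar would display.
  const shown = new URL(url.href);
  shown.username = "";
  shown.password = "";

  return {
    valid: true,
    realHost: url.hostname,            // host the request is sent to
    hasUserinfo,                       // cue for a colour change or icon
    userinfoLooksLikeHost: hasUserinfo && HOSTLIKE.test(user),
    display: shown.href,
  };
}

// Constructed sample links.
const samples = [
  "http://www.visa.com@crooks.com/login",
  "http://www.visa.com%40secure@%63rooks.com/",
  "ftp://backup:s3cret@files.example.net/",
  "https://example.org/a",
];
for (const s of samples) {
  const r = inspectUrl(s);
  const note = r.userinfoLooksLikeHost ? "WARN host-like userinfo"
             : r.hasUserinfo ? "note: credentials in URL" : "ok";
  console.log(`${r.display}  [${note}]`);
}
```

The third sample shows why a warning can coexist with the feature: ordinary credentials are stripped from the display without being flagged as deceptive.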