Full Disclosure mailing list archives

Re: Microsoft's fix for URL containing username:password@ obfuscation


From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 29 Jan 2004 12:48:49 +1300

Cael Abal <lists () onryou com> wrote:

Please tell me you don't do a lot of web browsing from your server.

IE being required on a Windows server (for SUS management, etc.) is 
one of my pet peeves -- but folks who browse the internet from their 
server actively freak me out.

(This isn't directed specifically at you, Zach, but to people who 
play Russian roulette logged in as a domain admin.)

Indeed.

The non-removal of the "client-software integrating" parts of IE from 
Windows Server 2003 is one measure of just how much the "Trusted 
Computing Initiative" was hot-air over substance.  Not providing the 
possibility of removing stupid network client access tools that are "an 
integral part of the OS", or at least allowing their absolute 
separation to "genuinely safe" user groups, shows how much important 
folk at MS still "just don't get security".


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

