Microsoft IE patch leaves users locked out

[Dave Farber <dave () farber net>]

Delivered-To: dfarber+ () ux13 sp cs cmu edu
Date: Wed, 04 Feb 2004 11:12:01 -0500
From: Jenny McGregor <jenny062 () comcast net>
Subject: [IP] Microsoft IE patch leaves users locked out
To: dave () farber net, ip () v2 listbox com, dfarber+ () ux13 sp cs cmu edu

Prof. Farber: here is an interesting article. This new patch by Microsoft
prompted my webhosting company to send out an email to its users telling
them how to find away around the log in problems caused by this!

J. McGregor

http://news.zdnet.co.uk/0,39020330,39145482,00.htm

Microsoft IE patch leaves users locked out

Munir Kotadia
ZDNet UK
February 04, 2004, 14:05 GMT

When Microsoft patched a security hole in Internet Explorer this week, it
also blocked users from accessing certain Web sites

A critical security patch released this week that fixes vulnerabilities in
Internet Explorer has left many users unable to access certain Web sites and
Internet resources.

Microsoft's latest IE update, which was released outside the monthly
patching cycle, stops the company's browser from being used to transfer
malicious code to a user's PC and fixes the URL spoofing flaw, but it also
stops URLs from being used to access password-protected Internet resources,
a feature that many companies employ.

Up until June 2003, Microsoft itself thought the system safe enough to use
in Passport, a secure repository designed to hold users' personal
information, including their credit card numbers.

Richard Excoffier, founder of adult entertainment Web site Toteme, told
ZDNet UK that the IE update has left many of his customers complaining that
they cannot access the site: "We distribute our software via shareware and
the registration process uses the feature to communicate with our servers.
We have a rapidly rising number of users complaining because they can't
access the content and resources they have paid for," he said.

According to Excoffier, the company's system can be modified to work with IE
within a few days, but in the cut-throat business of adult entertainment,
losing a percentage of customers because they can't access the systems for
even a short time means they will probably switch to a competitor: "The cost
in human resources is not very high, we're more concerned about customers
giving up because 'our system does not work' within the day or two we need
to fix it," he said.

In addition, the effect of the patch appears to be inconsistent. Some users
have found that even after the patch is applied, IE can still be used to
access resources with a URL password, contrary to Microsoft's claims.

Microsoft was not available for comment.

-------------------------------------
You are subscribed as interesting-people () lists elistx com
To manage your subscription, go to
 http://v2.listbox.com/member/?listname=ip

Archives at: http://www.interesting-people.org/archives/interesting-people/