nanog mailing list archives

Re: Latest IE patch breaking non username:password@encoded websites?

From: "Alexei Roudnev" <alex () relcom net>
Date: Tue, 3 Feb 2004 20:59:32 -0800



So, instead of changing 'visialization' part of IE, MS give up and decided
to drop important piece of standard?
Ok, you can always show HOST name in URL, dim user name, and position
location so that you can see real host. You can show a warning, if user name
looks like real domain name (have . inside and have 2 - 4 chars in last
piece of name), etc etc...


Herman Harless  [2/3/2004 10:56 PM] :

We're starting to take complaints from folks who have installed the
latest IE patch about various broken website functionality.  The
complaints are not related to folks trying to use the username:password@
functionality that was removed by the patch.

Is anyone taking similar calls / seeing similar issues?


Yup - that is a "feature" supposed to avoid credit card phish sites that
  try to spoof ebay with billing.ebay.com () some evil.server/billing etc

-- 
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations

Current thread:

Latest IE patch breaking non username:password@encoded websites? Herman Harless (Feb 03)
- RE: Latest IE patch breaking non username:password@encoded websites? Bob German (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Bryan Heitman (Feb 03)
  - Re: Latest IE patch breaking non username:password@encoded websites? Jeff Workman (Feb 03)
    - Re: Latest IE patch breaking non username:password@encoded websites? Scott Call (Feb 03)
  - RE: Latest IE patch breaking non username:password@encoded websites? David Schwartz (Feb 03)
- Re: Latest IE patch breaking non username:password@encoded websites? Suresh Ramasubramanian (Feb 03)
  - Re: Latest IE patch breaking non username:password@encoded websites? Alexei Roudnev (Feb 03)
    - Re: Latest IE patch breaking non username:password@encoded websites? Duane Wessels (Feb 03)