Re: MS announces change in IE behavior
From: Russ (Russ.Cooper_at_RC.ON.CA)
Date: 01/28/04
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "MS announces change in IE behavior"
- Maybe in reply to: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "MS announces change in IE behavior"
- Next in thread: Parcifal Aertssen: "Re: MS announces change in IE behavior"
- Reply: Parcifal Aertssen: "Re: MS announces change in IE behavior"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 28 Jan 2004 17:42:58 -0500 To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
Just a quick note, I hope to do a more detailed one later.
HIP HIP HOORAY!!!! Way to go Microsoft!!!
I can't tell you how much this pleases me, well, maybe I can...
The 43rd most powerful person in networking today <grin> says;
"The announcement by Microsoft today that it intends on removing the capability for Internet Explorer to accept passwords within HTTP or HTTPS URLs takes my assessment of their Trustworthy Computing Initiative from a possible "D", to a definitely C+. It would've gone to B if they had done this for all protocol types, and if they completely removed any form of encoding in all forms in URLs, I would've given them an A."
This action is a clear demonstration of the TCI promise, security over functionality. No doubt some who will cry foul, "Hey, you're breaking the RFC", or sob because needed functionality is now gone or websites have to be recoded. To them I say a big "Too bad!". The average user, the victim of phishing scams, isn't going to miss the functionality but will happily miss the scams.
No doubt Microsoft's approach is that should they find a way to safely handle all possible URLs with passwords in them, maybe they'll re-introduce the functionality, but not before they're darn sure it's not going to pose a risk.
After all we've seen done, or attempted, involving passwords (or the capability for) in URLs, they are taking the best step I could've hoped for!
Again, big kudos Microsoft, you've addressed this situation in the way most likely to secure your customers, over many cries about broken functionality, no doubt!
Cheers,
Russ - Surgeon General of TruSecure Corporation/NTBugtraq Editor
-----
NTBugtraq Editor's Note:
I'm looking for an event at which I can speak in Australia, specifically near Brisbane, as close to Christmas as possible. Anyone interested in flying me down under at that time, please contact me at Russ.Cooper@rc.on.ca
-----
- Previous message: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "MS announces change in IE behavior"
- Maybe in reply to: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]: "MS announces change in IE behavior"
- Next in thread: Parcifal Aertssen: "Re: MS announces change in IE behavior"
- Reply: Parcifal Aertssen: "Re: MS announces change in IE behavior"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
