lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: eric at arcticbears.com (Eric Paynter)
Subject: Microsoft Faces Angry IE Users' Questions

On Sat, July 10, 2004 7:00 pm, Nick FitzGerald said:
> You need look no further back than the
> kerfuffle a couple of months ago over the removal of IE's patently
> incorrect support for "user:pwd@" userid data in http URIs for an
> example, but there are many other, earlier examples.

I'm a little confused by what you mean here. The "user:pwd@" prefix is a
part of the URI standard documented in the RFC. As far as I can tell, the
patently incorrect part is that they removed it and thus made the browser
(even more) lacking in standards support. It's a simple example of how MS
solves problems:

1. Fix the feature that is vulnerable
2. Disable the feature that is vulnerable

Lately, they just disable the feature. At this rate, pretty soon, Windows
won't do much.

-Eric

--
arctic bears - affordable email and name services @yourdomain.com
http://www.arcticbears.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ