| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: Security at ReliableAnswers.com (Shawn K. Hall (RA/Security))
Subject: Apparently the practice was prevalent
> It is unbelievable that the media is spreading such FUD
> about the URL passwords.
"Unbelievable" and "media spreading FUD" in the same sentence?
Twilight Zone.
> The only good thing in this article is the message, that
> it breaks thousands of applications and produces tons of
> unnecessary costs.
I agree.
> If it improves security that people cannot use password
> protected directories anymore... I doubt, I doubt.
Here's a link to the 'workarounds':
http://support.microsoft.com/?kbid=834489
Believe it or not it actually *does* fix the ascii(1) bug (after you
disable the new 'feature'):
http://www.microsoft.com.@www.redhat.com/
Actually displays ^ in the address bar. I half-expected MS to skip
fixing the actual bug in favor of the "breaking the standards"
'solution.'
Where do you want to be prevented from going today?
Here's a reg fix:
'// ========================================================
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
'// ========================================================
Regards,
Shawn K. Hall
http://ReliableAnswers.com/
'// ========================================================
"You have to press the go button, not the slow button."
-- Zachary Hall (my son) at age 4, instructing me how
to drive a vehicle in "Need For Speed II"
Powered by blists - more mailing lists