[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <1076271639.6185.15.camel@Star.BerthoudWireless.net>
From: security at 303underground.com (Scott Taylor)
Subject: Apparently the practice was prevalent
Wouldn't it make sense to accept user@...s, but NOT DISPLAY IT on the
address bar? so even if someone clicks on a shady link, they don't see
http://www.visa.com@...oks.com, they only see http://crooks.com on their
address bar? And with all those miserable encoded characters translated
back to plaintext too. Yeah I know. silly idea. Just too bloody obvious
I guess.
On Sun, 2004-02-08 at 12:36, Luke Norman wrote:
> I'm afraid I disagree. Surely its better to disable by default, but
> leave it so that it can be turned on if necessary. People argue that
> windows needs to be shipped with services turned off, but not removed
> completely - a virus could turn these services on, but that isn't
> sufficient cause for removing them. It's a user preference, and if I
> want to be able to enter urls in user:pass@...t format, then I should be
> given the option to do so
>
> Luke
--
Scott Taylor - <security@...underground.com>
BOFH Excuse #429:
Temporal anomaly
Powered by blists - more mailing lists