Message-ID: <20040209145446.61454299.user05@kyberwelt.de>
From: user05 at kyberwelt.de (user05@...erwelt.de)
Subject: Microsoft removes 'user:passwd@...e' support
On Mon, 9 Feb 2004 13:40:17 -0000
"Richard Hatch" <r.hatch@...s.qinetiq.com> wrote:
[ some stuff deleted ]
> I am not a Microsoft fan, but given the huge number of email scams relying
> on this type of URL, something clearly had to be done to help protect users.
> Microsoft could have simply said "It's not our fault, we can't fix this
> without breaking other things".
>
> I find it curious that this type of response has not been prompted by the
> "Hide known file extensions" feature of Windows.
> People may think "Why is someone I don't know sending me anna.jpg?" before
> they click on the file.
> If the filename was anna.jpg.exe, most users would think that something fishy was
> going on.
>
> As far as I am concerned, the bottom line is that Microsoft's fix will help
> more people than will be affected by it. If people are so bothered by this,
> use a different browser.
>
> It does surprise me that some people in the IT security industry complain
> about the lack of security awareness amongst users on one hand, and argue
> about keeping support for methods that have been proven to fool users into
> clicking strange URL links.
>
> It seems to me that people are so eager to continue pet arguments (i.e.
> anti-Microsoft) that any action by Microsoft is immediately scorned.
>
> Let's stop the flame wars and get back to sharing information so that users
> can be better protected.
Still, there are reasons to be concerned. Your point about hidden file extensions
is quite good. And with a monopolist like Microsoft (in fact with any big company)
there are reasons to search for possible intentions for doing this or that.
Not everything is based on pure technical arguments :/
As far as I remember, Microsoft has a "product" called "Passport" and is deploying
a framework called dotnet (or something like that :) strange name).
Removing support for some form of authentication might be just the easier way of
coping with this problem, but certainly might also be part of a bigger picture.
That is (sometimes) the way monopolists work towards more market-saturation.
Or is this too paranoid !?? ;}
my .02 cent
user#05