Microsoft to fix URL spoofing bug

[LTR12101B]

http://support.microsoft.com/default.aspx?scid=kb;[LN];834489

But you'll no longer be able to use the Username / Password as part of a URL
Yeah, real clever fix that!

 

[scarecrow]

Brilliant indeed! Next best after pulling your net plug out.

 

[banzibaby]

Cheers for the info bud

@scarecrow lol

BaNzI

 

[serjer]

rotflmao brilliant

 

[TheMadGuy]

Yeah, they never stop amazing us with perfect solution to the REAL critical issues in windows.....................

And their suggestion are just the best you could get :

Workarounds for users
URLs that users type in the Address bar or open by clicking a link
If users typically type HTTP or HTTPS URLs that include user information in the Address bar, or click links that include user information in HTTP or HTTPS URLs, you can work around this new functionality in Internet Explorer in two ways:

• Do not include user information in HTTP or HTTPS URLs.
• Instruct users not to include their user information when they type HTTP or HTTPS URLs.

How about that for a workaround.... DONT DO IT!
Hey this really helps, doesn't it ???

Guess the most important lines in the text are these:

How to disable the new behavior or use it in other programs
After you install the software update that is discussed in this article, you can set registry values to use this new behavior in other programs that host the Web browser control or to disable this new behavior for Windows Explorer and Internet Explorer. Microsoft will post more information in this article when the software update becomes available.

To bad, if they released the regkeys now, i could add them and then wait for this useful update.....

So, now lets all hope they release this update fast, i feel so insecure now that i know how dangerous this isse is

Greetnx

 

[scarecrow]

Jokes aside, it's VERY important to know that I can safely use Internet Explorer as far as I am not connected to the Internet! Ain't that just great?