Web Browsers

username:password vulnerability

Installed the latest patch for IE which breaks the http://username:password@sitename protocol. The interesting thing is that they break it in more than just the browser. Now if you run the above url from the start/run menu or from the quick launch address bar, the system strips off the username:password@ of the url and takes you direct to the main site. This way it breaks Firebird/Firefox which would work with the username:password option and was not vulnerable to the spoofing flaw. I guess they had to do it this way because of all the intergration with the OS that IE does not do (end sarcasm) Apart from that its not that big a deal anyway. It doesn’t break wget though (which is a relief as that would break a lot of my scripts)