IE spoofing vulnerability

There is a new KB article about IE address spoofing, KB834489, which details how MS are going to address the address bar spoofing that hit the headlines several months ago and which I demonstrated here. Basically they are fixing it by preventing Internet Explorer from accepting URLs in the format http://username:[email protected]. This sounds like it's breaking the agreed WWW format for URLs and could stop bookmarks (and other applications?) from storing usernames/passwords etc. I'm not convinced this is a good workaround, as it means some URLs will work in Mozilla, Opera etc. but not in IE. It will be interesting to see if this also breaks IE wrappers such as MyIE.
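A less drastic check than refusing such URLs outright is to flag any link that carries a userinfo part and show the host it really resolves to. The following is an added example, not code from the KB article or from this post; the function names and the host-like heuristic are assumptions, and the sample URLs are constructed using reserved example domains.

```javascript
// Added example: inspect a link for a userinfo part ("user:pass@") that can
// make the text before the "@" look like the destination host.

// Heuristic (assumption): userinfo shaped like a hostname, e.g. "www.example.com".
const HOSTLIKE = /^[a-z0-9-]+(?:\.[a-z0-9-]+)+$/i;

// decodeURIComponent throws on malformed escapes; fall back to the raw text.
function safeDecode(s) {
  try { return decodeURIComponent(s); } catch (e) { return s; }
}

function inspectUrl(raw) {
  let url;
  try {
    url = new URL(raw);
  } catch (e) {
    return { valid: false, hasUserinfo: false, hostLikeUserinfo: false, realHost: null };
  }
  const user = safeDecode(url.username);
  const hasUserinfo = url.username !== "" || url.password !== "";
  return {
    valid: true,
    hasUserinfo,
    // A host-like username is the misleading case; a plain "user" is not.
    hostLikeUserinfo: hasUserinfo && HOSTLIKE.test(user),
    realHost: url.hostname, // where the request actually goes
  };
}

// Return the URL with credentials removed, for display in a UI or a log.
function safeDisplay(raw) {
  const url = new URL(raw);
  url.username = "";
  url.password = "";
  return url.href;
}

// Constructed samples.
for (const sample of [
  "http://www.example.com@example.net/login",
  "http://user:secret@example.net/",
  "http://example.net/",
]) {
  console.log(sample, inspectUrl(sample), safeDisplay(sample));
}
```

Legitimate credential-bearing bookmarks are reported with hasUserinfo only, so they can be allowed while the host-like case is warned on or blocked.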