Full Disclosure mailing list archives

Re: Microsoft removes 'user:passwd@site' support


From: user05 () kyberwelt de
Date: Mon, 9 Feb 2004 14:54:46 +0100

On Mon, 9 Feb 2004 13:40:17 -0000
"Richard Hatch" <r.hatch () eris qinetiq com> wrote:

[ some stuff deleted ]

I am not a Microsoft fan, but given the huge number of email scams relying
on this type of URL, something clearly had to be done to help protect users.
Microsoft could have simply said "It's not our fault, we can't fix this
without breaking other things".

I find it curious that this type of response has not been prompted by the
"Hide known file extensions" feature of Windows.
People may think "Why is someone I don't know sending me anna.jpg?" before
they click on the file.
If the filename was anna.jpg.exe, most users would think that something fishy was
going on.

As far as I am concerned, the bottom line is that Microsoft's fix will help
more people than will be affected by it.  If people are so bothered by this,
use a different browser.

It does surprise me that some people in the IT security industry complain
about the lack of security awareness amongst users on one hand, and argue
about keeping support for methods that have been proven to fool users into
clicking strange URL links.

It seems to me that people are so eager to continue pet arguments (i.e.
anti-Microsoft) that any action by Microsoft is immediately scorned.

Let's stop the flame wars and get back to sharing information so that users
can be better protected.

Still, there are reasons to be concerned. Your point about hidden file extensions
is quite good. And with a monopolist like Microsoft (in fact with any big company)
there are reasons to search for possible intentions for doing this or that.
Not everything is based on pure technical arguments :/
As far as I remember, Microsoft has a "product" called "Passport" and is deploying
a framework called dotnet (or something like that :) strange name).
Removing support for some form of authentication might be just the easier way of
coping with this problem, but certainly might also be part of a bigger picture.
That is (sometimes) the way monopolists work towards more market-saturation.
Or is this too paranoid !?? ;}

my .02 cent

user#05

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

