RE: [Full-Disclosure] Apparently the practice was prevalent

["Shawn K. Hall (RA/Security)" <Security@ReliableAnswers.com>]

> It is unbelievable that the media is spreading such FUD
> about the URL passwords.

"Unbelievable" and "media spreading FUD" in the same sentence?
Twilight Zone.


> The only good thing in this article is the message, that
> it breaks thousands of applications and produces tons of
> unnecessary costs.

I agree.


> If it improves security that people cannot use password
> protected directories anymore... I doubt, I doubt.

Here's a link to the 'workarounds':
  http://support.microsoft.com/?kbid=834489

Believe it or not it actually *does* fix the ascii(1) bug (after you
disable the new 'feature'):
  http://www.microsoft.com
@www.redhat.com/
Actually displays ^ in the address bar. I half-expected MS to skip
fixing the actual bug in favor of the "breaking the standards"
'solution.'


Where do you want to be prevented from going today?
Here's a reg fix:
'// ========================================================
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet
Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE]
"iexplore.exe"=dword:00000000
"explorer.exe"=dword:00000000
'// ========================================================

Regards,

Shawn K. Hall
http://ReliableAnswers.com/

'// ========================================================
   "You have to press the go button, not the slow button."
      -- Zachary Hall (my son) at age 4, instructing me how
         to drive a vehicle in "Need For Speed II"


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html