[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] Microsoft removes 'user:passwd@site' support

Quoting Richard Hatch <r.hatch@eris.qinetiq.com>:

> Was Microsoft 'wrong' to simply remove this support?  Maybe.
> Were people wrong to register domain names with reserved characters? Maybe.

You're not getting it, are you? 

You can't reserve a domain with reserved characters. You can expect RFC's to be
used by any participant on the Internet.

Microsoft just chose not to, which is plain wrong. If you don't like the rules,
don't play.

> I am not a Microsoft fan, but given the huge number of email scams relying
> on this type of URL, something clearly had to be done to help protect users.
> Microsoft could have simply said "It's not our fault, we can't fix this
> without breaking other things".

They could have. For example with a popup with the username and password already
filled in and with a explainatory realm. It's not that hard to think up a usable

> I find it curious that this type of response has not been prompted by the
> "Hide known file extensions" feature of Windows.

Not relevant. What's going on within a Windows box is not your or my thing to
discuss. But when Microsoft isn't compliant with Internet RFC's, we're all 


Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html