They do this to themselves
Microsoft's answer to the IE phishing bug:
The most effective step that you can take to help protect yourself from malicious hyperlinks is not to click them. Rather, type the URL of your intended destination in the address bar yourself. By manually typing the URL in the address bar, you can verify the information that Internet Explorer uses to access the destination Web site. To do so, type the URL in the Address bar, and then press ENTER.
I have a better solution: how about using a browser that is not vulnerable to a huge security hole that apparently the browser maker isn't in any hurry to fix?
Comments
Hmmm... Give me Firebird any day of the week! There is one thing about IE that really bugs me though... When you open it and it's loading your homepage, start typing a URL in the address bar. The cursor will jump to the beginning and screw up your address... What's with that?
The creator of the most popular OS in the world can't fix a trivial bug in the most popular browser in the world! Security doesn't really stand a chance, does it?
Posted by: Ant | January 29, 2004 10:39 PM
I can't stand Explorer, it sickens me, but this time they are right: the most effective way not to be attacked is, by far, not to be; as the best way not to fall ill is to be dead. Anyway, there is not much fun in not being or being dead, so what's the point of that kind of user-side patch? :)
Posted by: luis | January 30, 2004 02:04 AM
Er.. Didn't Microsoft actually come up with a better answer just yesterday - plans to disable support for the http://username@hostname/ URLs?
http://extelligence.ringlet.net/roam/archives/000022.html
http://news.netcraft.com/archives/2004/01/28/microsoft_to_remove_support_for_usernames_in_http_urls.html
Posted by: Peter Pentchev | January 30, 2004 02:19 AM
Well, er, yes, but can't you see the domain name for this website? Things are purposely written with a slant against all things Microsoft.
Posted by: Tyler | January 30, 2004 04:59 AM
Tyler, I wouldn't be so sure about that. IMHO, just the fact that you like something should not be extended to mean that you necessarily hate the alternatives, or even some particular alternative that is usually perceived as *the* alternative. Granted, some of kasia's rants are inspired by shortcomings in Microsoft's products or design philosophy, but then she has also written many rants against non-Microsoft products, and even - surprise, surprise - non-Microsoft products that do not even *have* a version for any of Microsoft's OS's :) I wouldn't be so fast as to look at a perfectly justified surprise at a piece of obviously stupid advice and immediately take it to mean a vengeful hatred for all things Microsoft.
And before somebody takes *my* comments the wrong way: I am not a Microsoft zealot or a Windows zealot, but neither am I a Unix or Linux or FreeBSD or any other kind of zealot.. at least not any kind relevant to this particular discussion :P My previous comment was merely meant to point out that there are others within Microsoft who are able to think straight and propose a much better solution to the username-in-HTTP-URL's problem.
Posted by: Peter Pentchev | January 30, 2004 08:19 AM
While we're at time-consuming workarounds for lazy programmers... why not just train users to use the host and telnet commands to manually negotiate the display of HTML in plain text from a command prompt... most users are good enough to render the HTML layout in their heads, right?
:D
Posted by: apokalyptik | January 30, 2004 06:40 PM
Because it's the most tested, Windows is the most secure! /eyeroll
Posted by: Shawn Liu | February 6, 2004 09:48 AM