travisowens  

IE gets more secure and people complain ?!


I'm appalled by the naiveness of computer users; people are actually upset about a recent security hole Microsoft has finally fixed.  The February IE patch that came out Feb 2nd fixed 4 security holes in IE.  One of them is the method of sending user name & password in the URL via http://username:password@foobar.com

This was a standard set a very long time ago, but the thing is, it's a MASSIVE security loophole.  When you access a URL via this method you are sending both your username AND password in raw text across the net.  At the very least the following people have access to it: everybody in your IP block (that means the other 255 users on your cable modem, DSL or dialup account), anybody at your ISP that has access to the logs that keep track of URLs (yes, every ISP in the US is required by law to PERMANENTLY store user logs) and every router between you and the website.

In reality that is hundreds, if not thousands of people that have your username and password.  And since most users have 1 password for every site, they get a domino effect of having your email login, company login, credit card account login, online banking, etc.

What makes me mad is that people are complaining that IE has finally blocked the ability to send username & password as raw text within the URL.  Now the data is (usually) sent via encrypted SSL, but even if it is sent as raw text, routers do not log it, nor do ISPs or companies that monitor web surfing.  Only people on your local IP block might be able to get it, and 255 is better than thousands of people.

People are complaining because this breaks your ability to use some websites.  To complain is absurd, because if I could walk into your bank and look at your bank account and even withdraw money without needing any form of ID, people would flip out and wouldn't use their service.  Well, when it comes to a website giving out your login and password to the world, do you want to use them?

This quote really boils my water...

Richard Excoffier, founder of adult entertainment Web site Toteme, told ZDNet UK that the IE update has left many of his customers complaining that they cannot access the site: "We distribute our software via shareware and the registration process uses the feature to communicate with our servers. We have a rapidly rising number of users complaining because they can't access the content and resources they have paid for," he said.

Isn't that like the bank complaining that the government shut them down because they took everybody's account information and printed it in the newspaper?

posted on Thursday, October 07, 2004 7:18 PM by travisowens
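
An added example (not part of the original post): a log-hygiene check that uses the standard WHATWG `URL` parser to find URLs of the `http://username:password@foobar.com` form in log lines and strip the credentials before the line is stored. The function names and the sample log lines are constructed for illustration.

```javascript
// Matches http(s) URLs embedded in free text such as proxy or web-server logs.
const URL_RE = /\bhttps?:\/\/[^\s"'<>]+/gi;

// Parse one URL; report whether it carries userinfo and return a copy without it.
function inspectUrl(raw) {
  let u;
  try {
    u = new URL(raw);
  } catch {
    return null; // not a parseable URL, leave it alone
  }
  const hadUser = u.username !== "";
  const hadPassword = u.password !== "";
  if (!hadUser && !hadPassword) {
    // An '@' in the path or query is not userinfo, so nothing to strip.
    return { hasCreds: false, clean: raw, host: u.hostname, hadPassword };
  }
  u.username = "";
  u.password = "";
  return { hasCreds: true, clean: u.href, host: u.hostname, hadPassword };
}

// Redact credentials from every URL in a log line and list what was found.
function scanLine(line) {
  const findings = [];
  const redacted = line.replace(URL_RE, (raw) => {
    const r = inspectUrl(raw);
    if (!r || !r.hasCreds) return raw;
    findings.push({ host: r.host, hadPassword: r.hadPassword });
    return r.clean;
  });
  return { redacted, findings };
}

// Constructed sample log lines (not real traffic).
const SAMPLE_LOG = [
  "10.0.0.5 GET http://username:password@foobar.com/members/ 200",
  "10.0.0.7 GET http://foobar.com/profile/@alice?mail=bob@example.org 200",
  "10.0.0.9 GET http://alice:p%40ss@foobar.com/download?id=7 401",
];

for (const line of SAMPLE_LOG) {
  const { redacted, findings } = scanLine(line);
  console.log(findings.length ? "REDACTED" : "ok      ", redacted);
}
```

Running the redaction at the point where a line is written keeps the password out of every copy of the log made afterwards.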

# @ Thursday, February 05, 2004 5:02 PM

Oh, poor porn users! What a shame! No more boobies for them. I'm an IE user, and I haven't noticed any difference. Maybe I'm accessing the wrong Web sites? (Or the right ones, depending on your view)

epiNole


 