Visit Our Home Page
 Explored,Designed,Delivered.sm
Welcome, Guest. Please Login or Register (Password Reminder)


Creativyst Forums 
Support & Discussion 
Register Help Search Login  
   
   Creativyst Forums-TOP
   Other People's Products
   M'soft Authentication Fix May Break Existing Websites
(Moderator: admin)
 Author
Topic: M'soft Authentication Fix May Break Existing Websites       [Link=75]
Reply Please log in first.
JRepici
Administrator


Posts: 328





Gender:
      JohnRHere2
    M'soft Authentication Fix May Break Existing Websites   (Date posted: 02/02/04 at 17:24:33) Quote Modify Delete



Note to Creativyst's custom software clients: Creativyst's customers will not be effected by the following problem. This is because custom platform-independent applications designed by Creativyst do not use the authentication technique being discontinued.

Microsoft will drop a popular security authentication method used by many legitimate web sites and web-based applications to admit users to restricted and sensitive areas.

The authentication method is of the form:

        http(s)://username:password @server/resource.ext

Microsoft will disable this technique for authenticating users within Internet Explorer in order to avert "phishing" schemes by malicious attackers.

While this "fix" is expected to break many existing websites who use the authentication technique, Creativyst would like its clients to know that their applications will not be effected by this problem. This is because custom platform-independent applications designed by Creativyst do not use this technique.


. . . . . . .
Background

An attacker implements a phishing scheme by imitating a legitimate site in an attempt to fool users into entering their account ID and passwords. I.E. allows attackers to write the legitimate URL in the address bar without showing the spoofing site, thereby completing the illusion that the users are on the legitimate site.

For more background on this patch see the Microsoft advisory about the URL spoofing fix

       -djr

   E-Mail   Ip: Logged
Reply Please log in first.
Pages: 1
Jump to:

YaBB Board c 2000
YaBB Programming Team
 



















© Copyright 2002 - 2008 Creativyst, Inc.