With its latest security update Microsoft has disabled the ability to pass username:password pairs in URLs. If you usually use this format for connecting to your site via either FTP or HTTP, it will no longer work after you install this update.
posted by johnnydark on Feb 4, 2004 - 34 comments

A new MS Internet Explorer vulnerability is discovered. Most digerati already know about the spammer and lamer trick to publish URLs that look like legitimate hostnames to fool people in to trusting a malicious site. This trick is frequently used by spammers to steal people's PayPal accounts, by tricking them in to "resetting" their password at a site owned by the spammer but disguised as PayPal.com. Today's new IE vulnerability is significantly worse. By including an 0x01 character after the @ symbol in the fake URL, IE can be tricked in to not displaying the rest of the URL at all. Don't expect a patch right way, the guy who found the hole released it to BugTraq on the same day he notified Microsoft. (via Simon Willison)
posted by dejah420 on Dec 9, 2003 - 29 comments

While MS-bashing is often too easy, this statement about recent security holes seemed especially astounding: "Outlook Express ships with every Windows system, or rather as part of IE, so it's on every system. But unless it is configured to receive mail, you are not at risk," said Scott Culp, manager for Microsoft security response. Interesting. Unless it is configured to receive mail, like, you know, an email program.
posted by judith on Oct 11, 2002 - 30 comments

Using Internet Explorer, Outlook, or Outlook Express on a PC? There's a new hack in town, ready to exploit cross site scripts like nobody's business. Do yourself a favor and disarm ActiveX on your settings.
posted by mathowie on Jul 12, 2002 - 6 comments

"MS releases mother of all IE security patches" Per the article: Microsoft has released a cumulative patch for Internet Explorer which the firm says is a "critical" security precaution against crackers which should be applied "immediately". Time to update/upgrade boys and girls. :)
posted by crankydoodle on Dec 14, 2001 - 11 comments

MSIE leaves the door wide open on your Windows OS... I can't believe that the myriad "security holes" are coincidental... maybe we should call them back doors. I mean, really... who do they think they're kidding? We all know who really wants surreptitious access to our systems. [via Glish]
posted by silusGROK on Apr 3, 2001 - 5 comments

Any server can read all your IE cookies. From any domain. Anyone. I was just explaing to my folks that the reason cookies are (generally) safe is that this was NOT possible. Well, it's possible now.
posted by ericost on May 11, 2000 - 32 comments

You know their server isn't particularly secure; well neither is their browser.
posted by ericost on Apr 19, 2000 - 2 comments