On Mon, 9 Feb 2004 13:40:17 -0000 "Richard Hatch" <[EMAIL PROTECTED]> wrote:
[ some stuff deleted ]

> I am not a Microsoft fan, but given the huge number of email scams relying
> on this type of URL, something clearly had to be done to help protect users.
> Microsoft could have simply said "It's not our fault, we can't fix this
> without breaking other things".
>
> I find it curious that this type of response has not been prompted by the
> "Hide known file extensions" feature of Windows.
> People may think "Why is someone I don't know sending me anna.jpg?" before
> they click on the file.
> If the filename was anna.jpg.exe, most users would think that something fishy was
> going on.
>
> As far as I am concerned, the bottom line is that Microsoft's fix will help
> more people than will be affected by it. If people are so bothered by this,
> use a different browser.
>
> It does surprise me that some people in the IT security industry complain
> about the lack of security awareness amongst users on one hand, and argue
> about keeping support for methods that have been proven to fool users into
> clicking strange URL links.
>
> It seems to me that people are so eager to continue pet arguments (i.e.
> anti-Microsoft) that any action by Microsoft is immediately scorned.
>
> Let's stop the flame wars and get back to sharing information so that users
> can be better protected.

Still there are reasons to be concerned. Your point about hidden file extensions is quite good. And with a monopolist like Microsoft (in fact with any big company) there are reasons to search for possible intentions for doing this or that. Not everything is based on pure technical arguments :/

As far as I remember, Microsoft has a "product" called "Passport" and is deploying a framework called dotnet (or something like that :) strange name). Removing support for some form of authentication might be just the easier way of coping with this problem, but certainly might also be part of a bigger picture. That is (sometimes) the way monopolists work towards more market-saturation.

Or is this too paranoid !?? ;}

my .02 cent

user#05

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
