Some Web developers are complaining that an Internet Explorer patch that's meant to foil Net scams is disabling some applications that didn't put a premium on security.
Microsoft last week announced that a modification to its IE browser would stop the insecure practice of including sensitive information in links. The update, which was released Monday, had some Web site programmers up in arms Wednesday due to complaints from Web users that they could no longer log in to sites that secure entry through credentials included in the URL. "Microsoft may have legitimate reasons for addressing the issue, but the way they addressed it--an across-the-board kill of an industry standard--is troublesome," said James Rosko, a software engineer for a data-processing service on the Web. He and other programmers spent Tuesday night making changes to the programs that process login requests for his company's Web site, which he requested not be named.
The incident could be the first known case of Microsoft getting attention for putting security before a feature used by some of its customers. Microsoft promised to put security first when it launched its Trustworthy Computing Initiative more than two years ago. But some critics have claimed that they haven't seen many results. "I really look at it from the standpoint of the majority of customers," said Stephen Toulouse, security program manager at Microsoft's security response center. "Our customers have said, 'We want security,' and so that is the change that we gave them."
News source: C|Net News.com
2 Comments - Add comment