In an attempt to do away with spoofed urls all together, Microsoft posted a Knowledge Base Article this week outlining its plans to simply do away with user name and authentication information within urls. With a soon-to-be-released update, your IE browser and Windows Explorer will no longer support login urls like this. Problem solved, right?
http(s)://username:password@server/resource.extWith no end in sight to the terrors of Phishing, it is good to see Microsoft take some sort of action, even if extreme. But isn't this a standard supported by other browsers like Mozilla and built into many applications as a means for allowing users to log in via http sans a log in prompt? Well, at least it's a better plan than the company's previous advice.