In an attempt to do away with spoofed urls all together, Microsoft posted a Knowledge Base Article this week outlining its plans to simply do away with user name and authentication information within urls. With a soon-to-be-released update, your IE browser and Windows Explorer will no longer support login urls like this. Problem solved, right?
With no end in sight to the terrors of Phishing, it is good to see Microsoft take some sort of action, even if extreme. But isn't this a standard supported by other browsers like Mozilla and built into many applications as a means for allowing users to log in via http sans a log in prompt? Well, at least it's a better plan than the company's previous advice.