[Upcoming] IE update clears up spoofing issue

“Microsoft garnered kudos from security experts this week when it announced it would release a software update that modifies a long-protested default behavior of Internet Explorer (IE) 3.0 and later versions.

IE’s handling of user information in HTTP and HTTPS URLs allows Windows Explorer and IE to open HTTP and HTTPS sites by using a URL that includes user names and passwords. According to Microsoft, a malicious user could also use this URL syntax to create a hyperlink that appears to open a legitimate Web site but which actually opens a spoofed one.”