This was within the latest security update for IE via Microsoft Security Bulletin MS04-004 at the msn website.
Cumulative Security Update for Internet Explorer (832894)
Issued: February 2, 2004
Updated: February 3, 2004
Version Number: 1.1
Summary
Who should read this document: Customers who are using Microsoft® Internet Explorer
This is the part that affects all of us. Basically, Microshaft is trying to get rid of the user:pass in front of our URLs:
A vulnerability that involves the incorrect parsing of URLs that contain special characters. When combined with a misuse of the basic authentication feature that has "username:password@" at the beginning of a URL, this vulnerability could result in a misrepresentation of the URL in the address bar of an Internet Explorer window. To exploit this vulnerability, an attacker would have to host a malicious Web site that contained a Web page that had a specially-crafted link. The attacker would then have to persuade a user to click that link. The attacker could also create an HTML e-mail message that had a specially-crafted link, and then persuade the user to view the HTML e-mail message and then click the malicious link. If the user clicked this link, an Internet Explorer window could open with a URL of the attacker's choice in the address bar, but with content from a Web Site of the attacker's choice inside the window. For example, an attacker could create a link that once clicked on by a user would display http://www.tailspintoys.com in the address bar, but actually contained content from another Web Site, such as http://www.wingtiptoys.com. (Note: these web sites are provided as an example only, and both redirect to hxxp://www.microsoft.com.)
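A link check for the pattern the bulletin describes, added here as an example (not part of the bulletin or of any post in this thread): it parses each URL, reports the host that actually receives the request, and flags any text before the "@" that reads like a hostname. The function names are hypothetical and the sample URLs are constructed from the bulletin's own example domains.

```javascript
// Added example: constructed URLs, hypothetical function names.
const HOSTLIKE = /^(?:[a-z0-9-]+\.)+[a-z]{2,}$/i;

// Undo percent-encoding so an encoded hostname in the userinfo is still caught.
function decode(s) {
  try { return decodeURIComponent(s); } catch { return s; }
}

// Report where a link really goes and whether its userinfo could mislead a reader.
function auditUrl(href) {
  let u;
  try { u = new URL(href); } catch { return { href, verdict: 'unparseable' }; }
  if (u.protocol !== 'http:' && u.protocol !== 'https:') {
    return { href, verdict: 'not-http' };
  }
  const user = decode(u.username);
  const hasUserinfo = u.username !== '' || u.password !== '';
  let verdict = 'clean';
  if (hasUserinfo) {
    // Text before "@" is never the destination; if it reads like a hostname,
    // a person skimming the link will take it for the site.
    verdict = HOSTLIKE.test(user) ? 'userinfo-looks-like-host' : 'userinfo-present';
  }
  return { href, verdict, requestHost: u.hostname, userinfo: hasUserinfo ? user : null };
}

// Constructed samples using the bulletin's example domains.
const SAMPLES = [
  'http://www.tailspintoys.com@www.wingtiptoys.com/',      // host is wingtiptoys
  'http://user:pass@www.wingtiptoys.com/members/',         // plain credentials
  'http://www.tailspintoys.com/login@www.wingtiptoys.com', // "@" is in the path
  'http://www.tailspintoys.com/',
];

// Keep only the links that carry userinfo of either kind.
function flagged(urls) {
  return urls.map(auditUrl).filter((r) => r.verdict.startsWith('userinfo'));
}

for (const r of SAMPLES.map(auditUrl)) {
  console.log(r.verdict.padEnd(26), r.requestHost, '<-', r.href);
}
```

The third sample shows why the check parses instead of searching for "@": the first "/" ends the authority part, so that link really does go to www.tailspintoys.com.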
vettdj, does that mean that everyone using IE has this problem now? How do I/we get around this? Do we now have to manually type in each and every user:pass?
Thanks again.
"the mind cannot live without the body" - Morpheus
Quote:
Originally posted by mutelabs yea i only noticed it happening today, does mozilla or opera let u run URLs like IE 'used' to?
Yes, These Are Real Browsers Not Like That M$ IE Thing
Quote:
Originally posted by iammrxxx vettdj, does that mean that everyone using IE has this problem now? How do I/we get around this? Do we now have to manually type in each and every user:pass?
Yes, If You Use IE You Have To type in each and every user:pass, Or Copy/Paste
The following are two fixes for the problem. I found both on another passes site.
I don't know if they actually work, so use at your own risk!
a) If you want to render a relatively easy fix if you've already installed the update:
To disable the new default behavior in Windows Explorer and Internet Explorer, create iexplore.exe and explorer.exe DWORD values in one of the following registry keys and set their value data to 0:
For all users:
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_HTTP_USERNAME_PASSWORD_DISABLE
b) ...I don't know guys but for me messing with the Registry is like messing with somebody's brain, you mess it up and you are dead....so, I did some brainstorming and this program fixed the problem....If you have Windows XP (the most affected) and have already installed the latest windows auto-update....Go to Start, Accessories, System tools and press on "SYSTEM RESTORE" (this program does magic!!!)...keeping in mind that the auto-update was released on 2/2/04, restore your system back a couple days at least, and hit OK.....once your system gets rebooted, the computer will actually behave as it never downloaded the Windows auto-update patch.....YOU ARE SET!!!!....the funny thing is that after a few minutes the auto-update screen will pop up and ask you to install the update that you installed on 2/2/04....just avoid it as much as you can (try me in 3 days!) until some computer geek comes with a patch that fixes the nagging "invalid syntax error"......as for concerns on security issues, well guys, nothing comes free in life.....as long as you have a firewall protector (Zone Alarm) and keep a low profile online, you should not be worrying about being hacked....Of course, with all kinds of shit happening online, all updates from MS should be taken seriously, so it is your choice...Hopefully, someone will come up with a fix....GOOD LUCK
Now we just have to hope and pray that mozilla & the others don't follow microcrap's lead on this. I'll keep a watch on this one for sure.
In any case, I would bet that this problem is going to be coming up as a "help me" on every board in the world for a while. We might want to make a sticky for our people here.
Especially with the great fix that Karso just posted above. Nice job Karso!!!