KB834489 vs. KB135975: Fix FTP too!
With KB834489, I can not longer use HTTP URLs with embedded credentials to IE5 and IE6. That's great -- good fix.
With KB135975, I can still use FTP URLs with embedded credentials to IE2 and IE6. That's not so good.
I can understand why this was fixed for HTTP/HTTPS. Its a gaping security issue there. But, limiting this just the HTTP/HTTPS protocol is -- at best -- a partial solution. FTP is just as vulnerable and sometimes is even more valuable. Volume of exploit shouldn't matter.