
Channel Register

Google's cookie crumbles under scripting attack

15 Apr 2008 15:42

Taking the biscuit


WRARRRRRR!! 

By Nathanael Bastone
Posted Tuesday 15th April 2008 16:22 GMT
Flame

Cookie stealing make Cookie Monster MAD!

a first? 

By yeah, right.
Posted Tuesday 15th April 2008 16:43 GMT
Dead Vulture

So here we have Google and Microsoft working together to screw their customers? Isn't that a first or something, those two working together?

Clouds ... 

By Mr B
Posted Tuesday 15th April 2008 17:18 GMT
Thumb Up

ahahah, charges are gathering inside Google's clouds ... thunderbolts are just a couple of volts away.

Is this a feature? 

By Robert Armstrong
Posted Tuesday 15th April 2008 20:01 GMT
Stop

Or is it Web 3.0?

Not IE again! 

By Nick Stallman
Posted Tuesday 15th April 2008 20:59 GMT
Unhappy

Will someone at Microsoft please be so kind as to stop IE from guessing the content type?

The web server sends it correctly and then IE ignores it.

Compensating the security experts 

By Shannon Jacobs
Posted Wednesday 16th April 2008 01:36 GMT
Pirate

The thing that bothers me about this is the expert's motivation. I really hope he is fully and adequately compensated for doing the right thing. What happens if some other security expert finds himself on the edge of starvation, and there he is with a security hole of high value to some criminal organization?

@Nick Stallman 

By Steve Sutton
Posted Wednesday 16th April 2008 10:28 GMT

Actually, MS only guess the content-type if it is not sent by the webserver, or if it is one of 26 "known" types.

http://msdn2.microsoft.com/en-us/library/ms775147.aspx

Why? Well, that's more infinite wisdom from Microsoft, in order to "make it easier for an average Joe to put up a personal website without worrying about mimetype details"

http://blogs.msdn.com/ie/archive/2005/02/01/364581.aspx

It's a shame that Gupta doesn't recognise that most websites are put up by professionals*, and that their perhaps well-intentioned code is a frigging nightmare at times. "Asking everybody to fix their servers" is precisely what they should do. We expect Microsoft to fix their software, adhere to standards, &c, and they have a right, nay duty, to expect the same in return.

* Insert some reference to professionals using Apache and amateurs using IIS here

("infinite wisdom" is a registered trademark of Microsoft Corporation ... well, probably)
