Peter Gutmann
Thu, 13 Oct 2005 08:57:18 -0700
Sidney Markowitz <[EMAIL PROTECTED]> writes: >It looks like they are all getting their web sites from the same Hack-In-A- >Box.
My original comment on that was "Looks like they got their security certification from the same cornflakes packet" :-). An anonymous contributor sent in the following comment: -- Snip -- A possible reason that you are seeing similar, in some cases almost the same, language at those different companies web sites is that they may very well have outsourced their website design and/or management to the same company. Which also exmplains the similar approach to security. Back in the late 1990s when I was consulting, I saw brokerage firms doing the same thing. There were companies specializing in providing "online trading" who basically put together a web site with the brokerage firm's logo on the front, but the web sites were owned, managed and located at the "online trading" company. One such company that I know of was using Bourne-shell (horrors) for their cgi scripts. -- Snip -- >https://www.bayfed.org gives me a warning about a certificate that expired >over a year ago, then when I accept it redirects me to the unsecured >http://www.bayfed.com. In addition, trying https://www.bayfed.com gives you the cert for www.bayfed.org. For any phishers reading this, looks like www.americanexpress.org and www.bankofamerica.org (and their corresponding certs) are still available... Peter. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]