Jerrold Leichter <[EMAIL PROTECTED]> writes:
> If you look at their site now, they *claim* to have fixed it:  The login box 
> has a little lock symbol on it.  Click on that, and you get a pop-up window 
> discussing the security of the page.  It says that although the page itself 
> isn't protected, "your information is transmitted via a secure environment".
> No clue as to what exactly they are doing, hence if it really is secure.

They're still doing the wrong thing. Unless the page was transmitted
to you securely, you have no way to trust that your username and
password are going to them and not to someone who cleverly sent you an
altered version of the page.


The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]

Reply via email to