[EMAIL PROTECTED] wrote: > Today I realized that many "secured" web sites reference their secure > login page from an insecure page. For example: > > http://www.some-luser.com/login.html: > <form action="https://cgi.some-luser.com/login-cgi";> > user: <input name=user> > pass: <input name=pass> > </form>
Welcome to, ohhh, 1997??? I can't be bothered looking it up, but this is ancient. Of course, that it still happens really, often, on huge sites that really should know better says a lot about, well, many things really... Regards, Nick FitzGerald _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
