On Wed, 10 Aug 2005, Nick FitzGerald wrote: > [EMAIL PROTECTED] wrote: > > Today I realized that many "secured" web sites reference their secure > > login page from an insecure page. For example: > > > > http://www.some-luser.com/login.html: > > <form action="https://cgi.some-luser.com/login-cgi";> > > user: <input name=user> > > pass: <input name=pass> > > </form> > > Welcome to, ohhh, 1997??? > > I can't be bothered looking it up, but this is ancient. > > Of course, that it still happens really, often, on huge sites that > really should know better says a lot about, well, many things really... > > > Regards, > > Nick FitzGerald
Ok, good -- I'm not missing something then. Almost a decade later and they still repeat history. Guess its time to contact the vendor - wheee! A note for those who use online banking: check for the s! Thank you for your confirmation, Nick! -Eric -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
