[EMAIL PROTECTED] wrote:
On Wed, 10 Aug 2005, Nick FitzGerald wrote:
[EMAIL PROTECTED] wrote:
Today I realized that many "secured" web sites reference their secure
login page from an insecure page.
Welcome to, ohhh, 1997???
I can't be bothered looking it up, but this is ancient.
Ok, good -- I'm not missing something then. Almost a decade later and
they still repeat history. Guess its time to contact the vendor - wheee!
A note for those who use online banking: check for the s!
If you use Firefox or Mozilla (and if not, why not? :-) ) look into the FormFox
plugin, which will show you the target of a click-button POST.
Doesn't help the crappy javascript versions, but good for most.
Jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
