Idea off the top of my head - please tell me why it won't work.
Could we parse all form submissions over unencrypted channels and put up an alert ("You _really_ don't want to do this!") if any of the fields was a sixteen-digit number which passed the credit-card-number checksum algorithm?
OK, so some places have four boxes for four digits each, but with clever coding, we might be able to catch that version too.
Gerv _______________________________________________ Mozilla-security mailing list Mozilla-security@mozilla.org http://mail.mozilla.org/listinfo/mozilla-security