On Thu, Sep 25, 2003 at 10:23:11AM -0700, Mitch Patenaude wrote:
> On Thu, Sep 25, 2003 at 06:30:32AM -0700, [EMAIL PROTECTED] wrote:
> >http://www.citibank.com:[EMAIL PROTECTED]/3/?IYTEw4eVTtbH1w6CpDrT
>
> Maybe a way for places like Citibank, Paypal and other fraud prone sites
> to help prevent this would be to check the referer, and if it's a
> strangely formed url that looks like it might be fraudulent (uses
> username, lots of encoded characters, etc), put up a fraud warning
> instead of the main page.
>
> What do you guys think?
My only question/concern would be... What controls the referrer? Is it
mutable? If so, it's just another layer for a cracker to hit. I guess for
every layer added, some lazy crackers stop doing it is probably a good
enough reason...
_______________________________________________
vox-tech mailing list
[EMAIL PROTECTED]
http://lists.lugod.org/mailman/listinfo/vox-tech
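The check proposed in the quoted message, sketched as an added example that is not part of the original thread: it flags a Referer whose authority carries a username or many percent-encoded characters. The function name, the threshold and the sample URLs are assumptions constructed for illustration. The Referer header is supplied by the client, so an empty result only means no signal was seen.

```python
import re
from urllib.parse import urlsplit, unquote

# Assumption: illustrative threshold, not a value from the thread.
MAX_ENCODED_IN_AUTHORITY = 2
HOSTNAME_LIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)
PCT_ESCAPE = re.compile(r"%[0-9a-fA-F]{2}")


def referer_fraud_signals(referer):
    """Return the reasons a Referer value looks like a disguised URL.

    An empty list means "no signal", not "legitimate": the client sets
    this header and can omit or change it.
    """
    if not referer:
        return []  # header absent or stripped: nothing to judge
    try:
        parts = urlsplit(referer.strip())
        host = parts.hostname
    except ValueError:
        return ["unparseable"]
    if parts.scheme not in ("http", "https") or not host:
        return ["unparseable"]

    signals = []
    authority = parts.netloc  # userinfo@host:port, still percent-encoded
    if "@" in authority:
        # "uses username": everything before the last '@' is userinfo,
        # the real host is what follows it.
        signals.append("userinfo")
        userinfo = authority.rsplit("@", 1)[0]
        name = unquote(userinfo.split(":", 1)[0])
        if HOSTNAME_LIKE.match(name):
            # The username is dressed up as a site name.
            signals.append("userinfo-looks-like-hostname")
    if len(PCT_ESCAPE.findall(authority)) > MAX_ENCODED_IN_AUTHORITY:
        # "lots of encoded characters" in the part that names the host
        signals.append("encoded-authority")
    return signals


if __name__ == "__main__":
    # Constructed samples (documentation-reserved names and addresses).
    for sample in ("http://www.bank.example:AbC123@203.0.113.7/3/?IYTEw",
                   "http://www.bank.example%2F%2E%2E%40x@198.51.100.9/",
                   "https://www.bank.example/login"):
        print(sample, "->", referer_fraud_signals(sample))
```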
