[WEB SECURITY] Phishing/Spoofing FAQ, and questions re unprotected login sites

Achim Hoffmann kirke11 at securenet.de
Thu Jun 9 11:38:52 EDT 2005


!! Question 1: do you agree - or disagree - that this is a problem?
agreed, we call this a semantic vulnerability (Jeremiah, please correct me:)

But I'm starting to think about that this is a browser issue too, 'cause
a browser should tell me where a form action goes too. It then should warn
me, just like when I leave a https site.
Someone out there to teach browser developers?

!! Question 2: do you see a very good reason for these sites to operate
!! in this way?
only if performance counts (or they want to become subject for phishing;-)

-- Achim


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list