[WEB SECURITY] Phishing/Spoofing FAQ, and questions re unprotected login sites

Jeremiah Grossman jeremiah at whitehatsec.com
Thu Jun 9 12:10:25 EDT 2005

On Thursday, June 9, 2005, at 08:38  AM, Achim Hoffmann wrote:

> !! Question 1: do you agree - or disagree - that this is a problem?
> agreed, we call this a semantic vulnerability (Jeremiah, please 
> correct me:)

Heheh. I'm not correcting anyone on these sorts of vulnerability 
terminology issues. :)

> But I'm starting to think about that this is a browser issue too, 'cause
> a browser should tell me where a form action goes too. It then should warn
> me, just like when I leave a https site.
> Someone out there to teach browser developers?

This may present a bit more of an "inconvenience", but perhaps it's
worth it. Perhaps the alert could be restricted to if the form had an
input type of 'password'.
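
The check discussed in this thread, sketched as an added example that is not part of the original post: warn when a form that contains a password field would submit to a different origin or over a non-HTTPS URL. The function names, the form descriptor shape and the sample hosts are assumptions made for illustration.

```javascript
// Added example. A form is described as { action, inputTypes } (assumed shape).
function checkFormTarget(pageUrl, form) {
  const page = new URL(pageUrl);
  // A missing or empty action submits back to the page's own URL.
  const target = new URL(form.action || "", page);
  const hasPassword = form.inputTypes.some(
    (t) => String(t).toLowerCase() === "password"
  );
  const reasons = [];
  if (target.origin !== page.origin) reasons.push("cross-origin");
  if (target.protocol !== "https:") reasons.push("not-https");
  // Restrict the alert to forms carrying a password field, as suggested above.
  return {
    target: target.href,
    hasPassword,
    reasons,
    warn: hasPassword && reasons.length > 0,
  };
}

// In a browser, build the descriptors from the live DOM (pass `document`).
// Note: a submit button's formaction attribute overrides the form's action,
// so those targets need the same check.
function describeForms(doc) {
  return Array.from(doc.forms, (f) => ({
    action: f.getAttribute("action"),
    inputTypes: Array.from(f.elements, (e) => e.type || ""),
  }));
}

// Constructed sample input: one page and four forms it might contain.
const PAGE = "https://bank.example/login";
const SAMPLE_FORMS = [
  { action: "/session", inputTypes: ["text", "password"] },
  { action: "http://bank.example/session", inputTypes: ["text", "password"] },
  { action: "https://login.other.example/auth", inputTypes: ["text", "password"] },
  { action: "https://search.other.example/q", inputTypes: ["search"] },
];

function auditSample() {
  return SAMPLE_FORMS.map((f) => checkFormTarget(PAGE, f));
}

for (const r of auditSample()) {
  console.log(r.warn ? "WARN" : "ok  ", r.target, r.reasons.join(","));
}
```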

