[WEB SECURITY] Phishing/Spoofing FAQ, and questions re unprotected login sites

Jeremiah Grossman jeremiah at whitehatsec.com
Thu Jun 9 12:10:25 EDT 2005


On Thursday, June 9, 2005, at 08:38  AM, Achim Hoffmann wrote:

> !! Question 1: do you agree - or disagree - that this is a problem?
> agreed, we call this a semantic vulnerability (Jeremiah, please 
> correct me:)

Heheh. I'm not correcting anyone on these sorts of vulnerability 
terminology issues. :)


> But I'm starting to think about that this is a browser issue too, 
> 'cause
> a browser should tell me where a form action goes too. It then should 
> warn
> me, just like when I leave a https site.
> Someone out there to teach browser developers?

This may present a bit more of an "inconvenience", but perhaps its 
worth it. Perhaps the alert could be restricted to if the form had an 
input type of 'password'.


Jeremiah-


---------------------------------------------------------------------
The Web Security Mailing List
http://www.webappsec.org/lists/websecurity/

The Web Security Mailing List Archives
http://www.webappsec.org/lists/websecurity/archive/



More information about the websecurity mailing list