Date: Wed Aug 10 03:43:11 2005
From: jeff-kell at utc.edu (Jeff Kell)
Subject: Insecure http pages referencing https

fd@...nsci.us wrote:
> On Wed, 10 Aug 2005, Nick FitzGerald wrote:
>>fd@...nsci.us wrote:
>>
>>>Today I realized that many "secured" web sites reference their secure 
>>>login page from an insecure page.

>>Welcome to, ohhh, 1997???
>>I can't be bothered looking it up, but this is ancient.

> Ok, good -- I'm not missing something then.  Almost a decade later and 
> they still repeat history.  Guess it's time to contact the vendor - wheee!
> A note for those who use online banking: check for the s!

If you use Firefox or Mozilla (and if not, why not? :-) ) look into the FormFox plugin, which will show you the target of a click-button POST.

Doesn't help the crappy JavaScript versions, but good for most.

Jeff
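
Added example, not part of the original message: a static version of the check discussed in this thread, listing where each form on a page submits to and flagging a page or target that is not HTTPS. The function name `audit_forms`, the issue labels and the sample page are constructed for illustration; only the Python standard library is assumed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collect <form> tags and note whether each contains a password field."""
    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "form":
            self.forms.append({"attrs": a, "password": False})
        elif tag == "input" and self.forms and a.get("type", "").lower() == "password":
            self.forms[-1]["password"] = True


def audit_forms(page_url, html):
    """Return one record per form: resolved target plus transport issues."""
    parser = _FormCollector()
    parser.feed(html)
    page_is_https = urlsplit(page_url).scheme == "https"
    report = []
    for form in parser.forms:
        a = form["attrs"]
        # An empty or missing action submits back to the page's own URL.
        target = urljoin(page_url, a.get("action", ""))
        issues = []
        if not page_is_https:
            issues.append("page-not-https")     # form markup can be altered in transit
        if urlsplit(target).scheme != "https":
            issues.append("target-not-https")   # submitted data travels in clear text
        if "onsubmit" in a or target.lower().startswith("javascript:"):
            issues.append("script-controlled")  # static action may not be the real target
        report.append({"target": target, "method": a.get("method", "get").lower(),
                       "password": form["password"], "issues": issues})
    return report


# Constructed sample: an http:// landing page whose login form posts to https://.
SAMPLE_URL = "http://bank.example/index.html"
SAMPLE_HTML = """
<form method="POST" action="https://secure.bank.example/login">
  <input name="user"><input type="password" name="pw"></form>
<form action="/search"><input name="q"></form>
<form action="https://secure.bank.example/login" onsubmit="return go(this)">
  <input type="password" name="pw"></form>
"""
```

The first sample form is the case from the thread: the target is HTTPS, yet the form is still flagged because the page that delivers it is not. The third form is flagged `script-controlled` because a submit handler can change the target at runtime, which a static read of `action` cannot see.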
