Date: Sat Jun 24 12:56:39 2006
From: dan-fd at f-box.org (Dan B)
Subject: MySpace - Stupid user security advice that they do not follow

Hi,
So I was just looking at MySpace, hey I don't really want an account,
just needed to log in to look at someone's pics. And I noticed that even
though they advise to check for 'login.myspace.com' in the address bar
they actually allow login via other subdomains... www1. is the only one
I noticed. But come on guys, if you advise your users to check for a
certain URL, then also have a login form on a different URL, then what is
the fscking point of the advice! I know it's still a subdomain of
myspace.com but it's not the one you are referring to, gets the user used
to not checking the URL 'cause it ain't correct in the first place!

I've attached a jpg illustrating.

Cheers,
DanBUK.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: myspace_fsck_mod.jpg
Type: image/jpeg
Size: 64526 bytes
Desc: not available
Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060624/aa4d922e/myspace_fsck_mod.jpg
