lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Sat Jun 24 12:56:39 2006 From: dan-fd at f-box.org (Dan B) Subject: MySpace - Stupid user security advice that they do not follow Hi, So I was just looking at myspace, hey I don't really want an account, just needed to login to look at someones pics. And I noticed that even though they advise to check for 'login.myspace.com' in the address bar they actually allow login via other subdomains... www1. is the only one i noticed. But come on guys if you advise your users to check for a certain url, then also have a login form on a different url then what is the fscking point of the advice! I know its still a subdomain of myspace.com but its not the one you are referring to, gets the user used to not checking the url 'cause it ain't correct in the first place! I've attached a jpg illustrating. Cheers, DanBUK. -------------- next part -------------- A non-text attachment was scrubbed... Name: myspace_fsck_mod.jpg Type: image/jpeg Size: 64526 bytes Desc: not available Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20060624/aa4d922e/myspace_fsck_mod.jpg
Powered by blists - more mailing lists