Date: Mon Jun 26 23:23:21 2006
From: robert.waters.nospam at gmail.com (Robert Waters)
Subject: MySpace - Stupid user security advice that they do not follow

On 6/24/06, Dan B <dan-fd@...ox.org> wrote:
> Hi,
> So I was just looking at myspace, hey I don't really want an account,
> just needed to login to look at someone's pics. And I noticed that even
> though they advise to check for 'login.myspace.com' in the address bar
> they actually allow login via other subdomains... www1. is the only one
> I noticed. But come on guys if you advise your users to check for a
> certain url, then also have a login form on a different url then what is
> the fscking point of the advice! I know it's still a subdomain of
> myspace.com but it's not the one you are referring to, gets the user used
> to not checking the url 'cause it ain't correct in the first place!

Myspace uses virtual subdomains, for load balancing, at least;
high-traffic subdomains (groups, forums) don't bog down login and
www/collect. I'm not saying this is the best way to do this...
But that is pretty silly; I suspect most myspace users would just be
confused by that inconsistency, being that they're probably not too
tech-savvy.