Full Disclosure mailing list archives
Re: Insecure http pages referencing https form-actions.
From: fd () ew nsci us
Date: Tue, 9 Aug 2005 18:12:20 -0700 (PDT)
On Wed, 10 Aug 2005, Nick FitzGerald wrote:
fd () ew nsci us wrote:Today I realized that many "secured" web sites reference their secure login page from an insecure page. For example: http://www.some-luser.com/login.html: <form action="https://cgi.some-luser.com/login-cgi"> user: <input name=user> pass: <input name=pass> </form>Welcome to, ohhh, 1997??? I can't be bothered looking it up, but this is ancient. Of course, that it still happens really, often, on huge sites that really should know better says a lot about, well, many things really... Regards, Nick FitzGerald
Ok, good -- I'm not missing something then. Almost a decade later and they still repeat history. Guess its time to contact the vendor - wheee! A note for those who use online banking: check for the s! Thank you for your confirmation, Nick! -Eric -- Eric Wheeler Vice President National Security Concepts, Inc. PO Box 3567 Tualatin, OR 97062 http://www.nsci.us/ Voice: (503) 293-7656 Fax: (503) 885-0770 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Insecure http pages referencing https form-actions. fd (Aug 09)
- Re: Insecure http pages referencing https form-actions. Nick FitzGerald (Aug 09)
- Re: Insecure http pages referencing https form-actions. fd (Aug 09)
- Re: Insecure http pages referencing https Jeff Kell (Aug 09)
- Re: Insecure http pages referencing https form-actions. fd (Aug 09)
- Message not available
- Re: Insecure http pages referencing https form-actions. fd () ew nsci us (Aug 09)
- Message not available
- Re: Insecure http pages referencing https form-actions. fd () ew nsci us (Aug 10)
- Re: Insecure http pages referencing https form-actions. fd () ew nsci us (Aug 09)
- Re: Insecure http pages referencing https form-actions. Nick FitzGerald (Aug 09)
- RE: Insecure http pages referencing httpsform-actions. Aditya Deshmukh (Aug 09)
- Re: Insecure http pages referencing https form-actions. Leandro Meiners (Aug 10)