Full Disclosure mailing list archives
Re: MySpace - Stupid user security advice that they do not follow
From: "Robert Waters" <robert.waters.nospam () gmail com>
Date: Mon, 26 Jun 2006 18:23:13 -0400
On 6/24/06, Dan B <dan-fd () f-box org> wrote:
> Hi, So I was just looking at MySpace, hey I don't really want an account, just needed to login to look at someone's pics. And I noticed that even though they advise to check for 'login.myspace.com' in the address bar they actually allow login via other subdomains... www1. is the only one I noticed. But come on guys, if you advise your users to check for a certain URL, then also have a login form on a different URL, then what is the fscking point of the advice! I know it's still a subdomain of myspace.com but it's not the one you are referring to, gets the user used to not checking the URL 'cause it ain't correct in the first place!
MySpace uses virtual subdomains, for load balancing, at least; high-traffic subdomains (groups, forums) don't bog down login and www/collect. I'm not saying this is the best way to do this... But that is pretty silly; I suspect most MySpace users would just be confused by that inconsistency, being that they're probably not too tech-savvy.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/