Full Disclosure mailing list archives
Re: Insecure http pages referencing https
From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 09 Aug 2005 22:43:03 -0400
fd () ew nsci us wrote:
On Wed, 10 Aug 2005, Nick FitzGerald wrote:fd () ew nsci us wrote:Today I realized that many "secured" web sites reference their secure login page from an insecure page.
Welcome to, ohhh, 1997??? I can't be bothered looking it up, but this is ancient.
Ok, good -- I'm not missing something then. Almost a decade later and they still repeat history. Guess its time to contact the vendor - wheee!A note for those who use online banking: check for the s!
If you use Firefox or Mozilla (and if not, why not? :-) ) look into the FormFox plugin, which will show you the target of a click-button POST. Doesn't help the crappy javascript versions, but good for most. Jeff _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Insecure http pages referencing https form-actions. fd (Aug 09)
- Re: Insecure http pages referencing https form-actions. Nick FitzGerald (Aug 09)
- Re: Insecure http pages referencing https form-actions. fd (Aug 09)
- Re: Insecure http pages referencing https Jeff Kell (Aug 09)
- Re: Insecure http pages referencing https form-actions. fd (Aug 09)
- Message not available
- Re: Insecure http pages referencing https form-actions. fd () ew nsci us (Aug 09)
- Message not available
- Re: Insecure http pages referencing https form-actions. fd () ew nsci us (Aug 10)
- Re: Insecure http pages referencing https form-actions. fd () ew nsci us (Aug 09)
- Re: Insecure http pages referencing https form-actions. Nick FitzGerald (Aug 09)
- RE: Insecure http pages referencing httpsform-actions. Aditya Deshmukh (Aug 09)
- Re: Insecure http pages referencing https form-actions. Leandro Meiners (Aug 10)