MySpace - Stupid user security advice that they do not follow

[Dan B <dan-fd () f-box org>]

Hi,
So I was just looking at myspace, hey I don't really want an account,
just needed to login to look at someones pics. And I noticed that even
though they advise to check for 'login.myspace.com' in the address bar
they actually allow login via other subdomains... www1. is the only one
i noticed. But come on guys if you advise your users to check for a
certain url, then also have a login form on a different url then what is
the fscking point of the advice! I know its still a subdomain of
myspace.com but its not the one you are referring to, gets the user used
to not checking the url 'cause it ain't correct in the first place!

I've attached a jpg illustrating.

Cheers,
DanBUK.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/