Full Disclosure mailing list archives

Re: Insecure http pages referencing https

From: Jeff Kell <jeff-kell () utc edu>
Date: Tue, 09 Aug 2005 22:43:03 -0400

fd () ew nsci us wrote:

On Wed, 10 Aug 2005, Nick FitzGerald wrote:
fd () ew nsci us wrote:
Today I realized that many "secured" web sites reference their securelogin page from an insecure page.

Welcome to, ohhh, 1997???
I can't be bothered looking it up, but this is ancient.

Ok, good -- I'm not missing something then. Almost a decade later andthey still repeat history. Guess its time to contact the vendor - wheee!
A note for those who use online banking: check for the s!


If you use Firefox or Mozilla (and if not, why not? :-) ) look into the FormFox plugin, which will show you the target 
of a click-button POST.

Doesn't help the crappy javascript versions, but good for most.

Jeff
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Insecure http pages referencing https form-actions. fd (Aug 09)
- Re: Insecure http pages referencing https form-actions. Nick FitzGerald (Aug 09)
  - Re: Insecure http pages referencing https form-actions. fd (Aug 09)
    - Re: Insecure http pages referencing https Jeff Kell (Aug 09)
- Message not available
  - Re: Insecure http pages referencing https form-actions. fd () ew nsci us (Aug 09)
    - Message not available
    - Re: Insecure http pages referencing https form-actions. fd () ew nsci us (Aug 10)
- RE: Insecure http pages referencing httpsform-actions. Aditya Deshmukh (Aug 09)
- Re: Insecure http pages referencing https form-actions. Leandro Meiners (Aug 10)
  - Re: Insecure http pages referencing https form-actions. fd (Aug 10)