Full Disclosure mailing list archives
MySpace - Stupid user security advice that they do not follow
From: Dan B <dan-fd () f-box org>
Date: Sat, 24 Jun 2006 13:57:41 +0200
Hi, So I was just looking at myspace, hey I don't really want an account, just needed to login to look at someones pics. And I noticed that even though they advise to check for 'login.myspace.com' in the address bar they actually allow login via other subdomains... www1. is the only one i noticed. But come on guys if you advise your users to check for a certain url, then also have a login form on a different url then what is the fscking point of the advice! I know its still a subdomain of myspace.com but its not the one you are referring to, gets the user used to not checking the url 'cause it ain't correct in the first place! I've attached a jpg illustrating. Cheers, DanBUK.
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- MySpace - Stupid user security advice that they do not follow Dan B (Jun 24)
- Re: MySpace - Stupid user security advice that they do not follow Robert Waters (Jun 26)