WebApp Sec mailing list archives
Re: TrustBar and insecure sites of PayPal, MS Passport, Yahoo!, Chase, ...
From: "David Wall @ Yozons, Inc." <dwall () yozons com>
Date: Tue, 26 Oct 2004 10:06:17 -0700
PayPal redirects to SSL site once you hit the `log in` link, but it also asks users for userid and password directly at its (unprotected) homepage, http://www.paypal.com.
This doesn't hold true for me. If I type in www.paypal.com or paypal.com into my browser, it redirects to HTTPS right away. Also, SSL for the login page itself is technically not needed. It's where it POSTs to that matters. Security is confusing and I agree that making things more explicit is better. David
Current thread:
- Re: TrustBar and insecure sites of PayPal, MS Passport, Yahoo!, Chase, ... David Wall @ Yozons, Inc. (Oct 28)