Imac porn chat Best teen webfree nasty phone chat no cresit card needed

Just off the top of my head, if asking for a username and password became the exception rather than the norm for sites across the web, only used to install a cert or similar on one’s computer a la Kerberos, people would be more suspicious/cautious when a computer that they previously authorized suddenly asked them for their credentials.

No idea how one would get that movement going without having a phishing pandemic across the web to motivate it, though.

That trick certainly won’t work for any interactive site (not that RMS is likely to be a Facebook user), nor presumably any that requires authentication like a banking site.

It probably rules out commenting on any blog that requires a captcha.

Really, if that claim by Stallman is true, I really wonder what his view of the world is like, given how important (for better of worse) the web has become to social interaction these days…

I would argue email clients can be significantly worse in another way — most popular email clients like Outlook and Thunderbird don’t encrypt passwords and other sensitive information, sending it all and receiving as plaintext.

What we don’t expect is that a page we’ve been looking at will change behind our backs, when we aren’t looking. There are many ways to potentially improve the efficacy of this attack.

Using my CSS history miner you can detect which site a visitor uses and then attack that site (although this is no longer possible in Firefox betas).

My gut feel in this case was that (1) given the description it is easy to implement, and (2) the demo would easily be view-source-able. Yeah, this definitely highlights the need for an alternative to the standard login/password security model.

It would be even better to detect the “most valuable” site that a user has visited (with your Social History Script), then grab the html of that site’s login page and alter the form’s action [and method] property(ies) to send the data to your page.

Another layer, once you get the info for one site set a cookie so you don’t ask for the details again (at least until the login fails).

Might not work for me since my password manager autotypes, but could stop some attacks.

It feels like this beautifully simple phishing attack has a beautifully simple solution, but I’m not totally sure what it is yet.

Leave a Reply