I agree that the simple thing for the general public is https with a padlock --
I wish all login sites used an https page. If you do not see https & the
padlock, you may want to try my trick. Enter a bogus ID and password. Some
sites (such as http://www.chase.com/ChaseCreditCard.html) return an error page
with https and a padlock.



Excerpt of what Steve Gibson said in Security Now episode 20:

"And so I really think it's a fault of the website designer that they don't 
move you onto a secure page where the form is being filled out, even though 
technically it's not that page, it's the page that you're going to submit the 
data to, which is the next page you go to, which needs to be secure. And 
similarly, if they put you on a secure page, then it's possible that they could 
use an unsecure button to accept the data."

See the transcript at http://www.grc.com/sn/SN-020.htm for the full discussion.

- TD


----- Original Message ----
From: db <[EMAIL PROTECTED]>
To: COMPUTERGUYS-L@LISTSERV.AOL.COM
Sent: Thursday, July 19, 2007 1:16:16 PM
Subject: Re: [CGUYS] Importance of secure login page

But I think the point that someone else made is really important.  
Starting from a page that a layman can't visibly tell will be secure 
doesn't help the general public know what is safe and what's not. 

The end result of that ignorance ... which is promoted by this emerging 
login technique ... is it will make website spoofing and thus account 
credential theft easier in general.

db







       