>From the link: [Update] As a couple of comments have suggested, "just because you don't see a lock on the page that collects the information, doesn't mean that it doesn't post through an https connection." This may be correct. Here is the code of the form. It does, in fact, appear to invoke an API that rests on a secure server, but with my limited JavaScript skills, I cannot be certain that the form data is being encrypted. If someone with a little more expertise would be willing to chime in, I'd much appreciate it. If I turn out to be wrong, my humblest apologies for much ado about nothing. Though I suppose it would be nice if the form offered some sort of visible assurance of security.
[Update 2] See Dustin's comment. By his account, the form submission appears to be secure. Sorry for the false alarm, but again, when it comes to insuring the security of your personal information, one should be ever-vigilant. My thanks to the Digg and Reddit communities for their sleuthing. [Update 3] I am a moron and a douche bag who likes to shoot his mouth off about technology I don't understand :-) -JP On Jan 8, 2008 1:52 AM, Paul Ferguson <[EMAIL PROTECTED]> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Via UPI. > > [snip] > > A U.S.-based Web site that hosts Chinese dissidents' blogs is being hacked > again, days after an attack took it offline and nearly destroyed its > archives. > > The Web site, Boxun.com, which hosts some 2000 blogs, was the target of a > "very strong" distributed denial of service, or DDOS, attack last week, its > editor, Watson Meng, told United Press International. > > He added that hackers probing the Web sites of several U.S. government > agencies had "spoofed" or forged their Internet addresses to make it seem > as if the probes came from his site. > > "Our service provider received complaints from a number of government > agencies," he said. > > [snip] > > More: > http://www.upi.com/International_Security/Emerging_Threats/Briefing/2008/01 > /07/chinese_dissident_site_hacked_again/3849/ > > Previously: > http://www.darkreading.com/document.asp?doc_id=142072 > > - - ferg > > -----BEGIN PGP SIGNATURE----- > Version: PGP Desktop 9.6.3 (Build 3017) > > wj8DBQFHgx2Tq1pz9mNUZTMRAvgvAKDrMpGzmGDEolcpHbgGYJG845WwRACfdM23 > bDmuwmNjLIrKQ6HZXKffQpA= > =ohog > -----END PGP SIGNATURE----- > > > -- > "Fergie", a.k.a. Paul Ferguson > Engineering Architecture for the Internet > fergdawg(at)netzero.net > ferg's tech blog: http://fergdawg.blogspot.com/ > > > _______________________________________________ > Fun and Misc security discussion for OT posts. > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > Note: funsec is a public and open mailing list. > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
