-----BEGIN PGP SIGNED MESSAGE----- Hash: RIPEMD160
HJ wrote:
|> 2) Some important sites are not using SSL for their login pages - Yahoo |> apparently being one. | | | I have a Yahoo e-mail account, and that uses SSL for logins. | Are you talking about the free Yahoo webmail or paid Yahoo e-mail accounts? | I recently had occasion to traipse through Yahoo!'s login process - it's actually rather neat: if you choose the non-default "Secure" login then you're connected via SSL as expected. If you take the default "Standard" login route, it then checks to see if your browser supports Javascript and has it enabled then it generates a password hash for login. If you have Javascript disabled, etc., then it *falls back* to the "Secure" login. Rather slick! I think their "Standard" login description is a bit of a misnomer in this case.
- --
Cheers!
J. Wren Hunt Cambridge, MA. USA
- ------------ "In theory, there is no difference between theory and practice. But, in practice, there is." - Jan L.A. van de Snepscheut
+------------------------------------------------------------------+ | v-card http://wrenhunt.homelinux.org/data/wren.vcf | | x.509 http://wrenhunt.homelinux.org/data/thawte_wren_hunt.cer | | OpenPGP ADF5 1432 A59E 8F4D 4AE7 4DFE 03FA 91E1 4A24 D6F4 | +------------------------------------------------------------------+
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.1rc2 (Darwin)
iD8DBQFCODOAA/qR4Uok1vQRAwEIAJ0WoiaDwl40ByQhvhK49wuBLNfb5gCg3c3W NcKXJO/IoRADrUCuakz0UO0= =Yudv -----END PGP SIGNATURE----- _______________________________________________ Mozilla-security mailing list [email protected] http://mail.mozilla.org/listinfo/mozilla-security
