[funsec] How *NOT* to handle incorrect passwords ...

2013-07-25 Thread Rob, grandpa of Ryan, Trevor, Devon Hannah
https://twitter.com/cjcheshire/status/360326695137468416/photo/1

Virgin Atlantic feels that it is a good idea to provide the failed password, in
plain text, in the URL when you try for a reset ...

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
  Practice random humour and acts of senseless mirth
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
___
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


[funsec] Unintended consequences of anti-fraud algorithms

2013-07-25 Thread Rob, grandpa of Ryan, Trevor, Devon Hannah
http://www.theverge.com/2013/7/24/4549124/how-google-uncovered-a-chinese-ring-of-car-thieves

or

http://is.gd/59l7XD

Google's AdWords anti-fraud scanning finds theft of a different kind.

==  (quote inserted randomly by Pegasus Mailer)
rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org
It is the test of a good religion whether you can joke about it.
  - G. K. Chesterton
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade


Re: [funsec] How *NOT* to handle incorrect passwords ...

2013-07-25 Thread Valdis . Kletnieks
On Thu, 25 Jul 2013 10:59:55 -0700, Rob, grandpa of Ryan, Trevor, Devon Hannah said:
> https://twitter.com/cjcheshire/status/360326695137468416/photo/1
>
> Virgin Atlantic feels that it is a good idea to provide the failed password,
> in plain text, in the URL when you try for a reset ...

Just be glad it isn't the correct password, helpfully provided for your
second attempt.

