North American Network Operators Group


Re: Exploit for DNS Cache Poisoning - RELEASED

  • From: Matthew Kaufman
  • Date: Wed Jul 23 23:56:30 2008

Skywing wrote:
Bookmarks or favorites or whatever your browser of choice wishes to call them, for the https URLs. That, or remember to type in the https:// prefix.

- S


Which works great until you run into something like Washington Mutual (of which you have no doubt heard)...


http://www.wamu.com  redirects to
http://www.wamu.com/personal/default.asp

and

https://www.wamu.com *also* redirects to
http://www.wamu.com/personal.default.asp (!)

And yes, then you're supposed to trust that the page you've been served up will send the form submit with your username and password to the right place over https.

They do now have a link to https://online.wamu.com/IdentityManagement/Logon.aspx on that main page, but you have to look for it. But really, https://www.wamu.com should redirect to *that* in order for it to be safe for the slightly-knowledgeable-about-http-security.

Matthew Kaufman
[email protected]
http://www.matthew.at
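
The check the message implies, as an added example that is not part of the original post: given a recorded redirect chain and the landing page's HTML, flag any https-to-http hop and any password form delivered over plain HTTP, since such a page can be altered in transit before the form is submitted. The function names, the sample HTML and the `login.example.invalid` form target are constructed for illustration; only the two wamu.com URLs come from the message.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class _PasswordFormFinder(HTMLParser):
    """Collect the action URL of every <form> that contains a password input."""
    def __init__(self):
        super().__init__()
        self._in_form = False
        self._action = ""        # action of the form currently open
        self.actions = []        # actions of forms holding a password field

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._in_form, self._action = True, a.get("action") or ""
        elif tag == "input" and self._in_form and (a.get("type") or "").lower() == "password":
            self.actions.append(self._action)

    def handle_endtag(self, tag):
        if tag == "form":
            self._in_form = False

def audit_login_path(chain, final_html):
    """chain: URLs visited in order (start URL first, landing page last).
    Returns a list of human-readable findings; empty means nothing flagged."""
    findings = []
    # 1. Any hop that leaves HTTPS is a downgrade, even if the start was typed as https://
    for src, dst in zip(chain, chain[1:]):
        if urlsplit(src).scheme == "https" and urlsplit(dst).scheme != "https":
            findings.append(f"downgrade: {src} -> {dst}")
    # 2. A password form is only trustworthy if the page carrying it AND its target are HTTPS
    landing = chain[-1]
    finder = _PasswordFormFinder()
    finder.feed(final_html)
    for action in finder.actions:
        target = urljoin(landing, action)   # resolves relative and empty actions
        if urlsplit(landing).scheme != "https":
            findings.append(f"password form served over {urlsplit(landing).scheme}: {landing}")
        if urlsplit(target).scheme != "https":
            findings.append(f"password form posts over {urlsplit(target).scheme}: {target}")
    return findings

# Constructed sample: the redirect described in the message, with made-up landing HTML.
CHAIN = ["https://www.wamu.com", "http://www.wamu.com/personal.default.asp"]
HTML = """<html><body><form action="https://login.example.invalid/logon" method="post">
<input type="text" name="user"><input type="password" name="pw"></form></body></html>"""

if __name__ == "__main__":
    print("\n".join(audit_login_path(CHAIN, HTML)))
```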