-----BEGIN PGP SIGNED MESSAGE----- This bug has been fixed in most webmail clients for quite some time now, but I guess some people just don't see security as a design priority. The free, web-based mail client at www.angelfire.com passes authentication data in the URL. So your authentication token hapilly gets logged if you use a proxy server or follow a link in a mail message (via the HTTP referrer header). Without really bothering to look deeper, it's quite likely that the web page editor at the same site uses the same authentication token or is susceptible to the same bug. - -- Dave Pifke, daveat_private -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQCVAwUBNqPCnDuW2fOIQC3pAQHHvAP/YNBorT+DzITci/LygFmwq/2uc16Ok3rf yyYv1YwwyAc1xVPjqE4sd74UIRTUQWX/Bsqdx0jMEo0ujJF1nPgDOx2AADAG4Gq6 06JAsNoqCQizlOQ9c4anbQE1YqwfMdFA7MAx/gKGqbagyGfd6YKSUyH8hCSHUnlr LWNkNKwpquY= =9boA -----END PGP SIGNATURE-----
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:29:12 PDT