Home
Why
snipe
?
Compare
FAQ
Community
Terms
Contact
My Snipes
Home
Why
snipe
?
Compare
FAQ
Community
Terms
Contact
My Snipes
Menu
Home
Why
snipe
?
Compare
FAQ
Community
Terms
Contact
Username
Password
Login is SSL protected. By clicking on "Log in Now" you agree to gixen.com
terms of usage.
Search
Gixen.com Forum Index
->
Suggestions and Ideas
Post a reply
Username
Subject
Anti-Bot check:
Enter characters from the following image:
Message body
Emoticons
View more Emoticons
Font colour:
Default
Dark Red
Red
Orange
Brown
Yellow
Green
Olive
Cyan
Blue
Dark Blue
Indigo
Violet
White
Black
Font size:
Tiny
Small
Normal
Large
Huge
Close Tags
[quote="mario"]Well stealing your password is not possible if the action tag points to Gixen, but I can see your point - most people in such a situation would not check this. Spoofed SSL certificate would not work, as there would be a big warning by every browser out there. Overall, I don't see encrypting just the password and not the content as a big issue - gmail does it for hundreds of millions of users every day.[/quote]
Options
HTML is
OFF
BBCode
is
ON
Smilies are
ON
Disable BBCode in this post
Disable Smilies in this post
All times are GMT - 8 Hours
Jump to:
Select a forum
Gixen
----------------
Announcements
Support
Suggestions and Ideas
Impressions
Blog
Topic review
Author
Message
mario
Posted: Wed Dec 12, 2007 3:09 pm
Post subject:
Well stealing your password is not possible if the action tag points to Gixen, but I can see your point - most people in such a situation would not check this. Spoofed SSL certificate would not work, as there would be a big warning by every browser out there.
Overall, I don't see encrypting just the password and not the content as a big issue - gmail does it for hundreds of millions of users every day.
droopycom
Posted: Wed Dec 12, 2007 1:53 pm
Post subject: SSL
Hi,
On the subject of this FAQ:" It says you use SSL to encrypt eBay user IDs and passwords but when I was logging in, I do not see a padlock symbol. Does this mean my eBay user ID and password are at risk? "
The FAQ answer that the login/password are safe because the target when I click on the "log in" button is an SSL session. While it is true that the password will be encrypted in the SSL session, I have no way to trust the site is really gixen.
In particular a common attack would be to make a spoof gixen website that looks exactly the same but does still your password when you click the log in now button.
The purpose of SSL is not only to encrypt what you send, but also to authenticate what you receive.
Granted, many people would also be fooled by a spoofed SSL certificate, but a few paranoid types are carefully checking.
© 2006 - 2023 Gixen.com. Forum powered by phpBB © 2001, 2005 phpBB Group.