Journal cbelt3's Journal: EFax clueless security
This morning I got an email from e-fax. I signed up with them years ago, and have kept a 'free' efax number 'just in case'. It's nice that they let me do that, and, of course, you get what you pay for.
Much to my horror, the email had a nice little html shunk embedded into it that looked like the efax login screen. In the login screen was my efax number (the fax number is your userid), and a password that looked like *****. Hmm.
A quick source check showed my password embedded into the HTML. NOT Encrypted. Not PGP'd. Just sitting there.
Excuuuse me !!!
I wonder how many users are going to get hacked as a result ?
Much to my horror, the email had a nice little html shunk embedded into it that looked like the efax login screen. In the login screen was my efax number (the fax number is your userid), and a password that looked like *****. Hmm.
A quick source check showed my password embedded into the HTML. NOT Encrypted. Not PGP'd. Just sitting there.
Excuuuse me !!!
I wonder how many users are going to get hacked as a result ?
EFax clueless security More Login
EFax clueless security
Slashdot Top Deals