The real problem that https has conspicuously failed to fix
James A. Donald
jamesd at echeque.com
Sun Jun 8 13:43:05 PDT 2003
I keep posting "you cannot do this using https", and people keep =
replying "yes you can"
No you cannot, cause if you could, paypal, e-gold, e-bay, and the rest =
would not be suffering from the problem illustrated by scam mails such =
as the following
(When you hit the submit button, guess what happens)
=20
=20
=20
Dear PayPal Customer=20
This e-mail is the notification of recent innovations taken by =
PayPal to detect inactive customers and non-functioning mailboxes.
The inactive customers are subject to restriction and removal in =
the next 3 months.
Please confirm your email address and Credit or Check Card =
information using the form below:
=20
Email Address:
=20
Password:
=20
First Name:
=20
Last Name:
=20
ZIP:
=20
Credit or Check Card #:
=20
Expiration Date:
Month 01 02 03 04 05 06 07 08 09 10 11 12 / Year 2003 =
2004 2005 2006 2007 2008 2009 2010 2011 2012 =20
ATM PIN:
=20
=20
Information transmitted using 128bit SSL encryption.=20
=20
=20
Thanks for using PayPal!=20
=20
=20
This PayPal notification was sent to this email address because =
you are a Web Accept user and chose to receive the PayPal Periodical =
newsletter and Product Updates. To modify your notification preferences, =
go to https://www.paypal.com/PREFS-NOTI and log in to your account. =
Changes may take several days to be reflected in our mailings. Replies =
to this email will not be processed. =20
Copyright=A9 2003 PayPal Inc. All rights reserved. Designated =
trademarks and brands are the property of their respective owners. =20
[demime 0.97c removed an attachment of type image/gif which had a name of paypal_logo.gif]
[demime 0.97c removed an attachment of type image/gif which had a name of pixel.gif]
[demime 0.97c removed an attachment of type image/gif which had a name of dot_row_long.gif]
More information about the cypherpunks-legacy
mailing list