phony ipod order scam
Fairlight
fairlite at fairlite.com
Wed Mar 21 11:12:40 PDT 2007
Four score and seven years--eh, screw that!
At about Wed, Mar 21, 2007 at 01:18:31PM -0400,
Gary Olman blabbed on about:
> I had the same thing happen a number of times but with PayPal and M & T
> bank.  Ignore it.  It boils down to this: if you didn't initiate it don't
I say this as someone that uses PayPal and who actually likes using their
services: Their web design idiotically -encourages- abuse of this type.
Their page source uses all absolute links. ALL absolute links. Anywhere
there's a graphic, stylesheet, etc., it's an absolute URL back to their
server. You take the source for their homepage and it would display
correctly, out of the box, on any other server--using all the graphics from
PayPal's site. They even have a hardwired link to their favicon.ico file
on their own server.
For a site that doesn't want to be ripped and spoofed, they do nothing to
help stem this behaviour in design--just try to enforce it after the fact.
They're not doing themselves or their customers any favours with their
design practices.
Granted, it's not difficult to spider to get the extra content if someone
really wants to do it; but there was no need to make it so drag-n-drop that
any idiot could grab it in 5 seconds, change the webscr URL in another 10
seconds, and be set to phish in a total of 15 seconds. That was just plain
-stupid- design from a security standpoint.
mark->
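
Added example, not part of the original post: a page copied with its absolute links intact makes each visitor's browser fetch the images and stylesheets from the original server, usually with a Referer naming the copy's host, so the site owner can look for that in the access log. The hostnames, log lines and function name below are constructed for illustration, and the log is assumed to be in Apache combined format.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hosts allowed to embed our static assets (assumed names for this example).
OWN_HOSTS = {"www.example-bank.test", "example-bank.test"}
ASSET_EXT = (".gif", ".png", ".jpg", ".css", ".js", ".ico")

# Combined Log Format: ip ident user [time] "METHOD path proto" status bytes "referer" "agent"
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "[^"]*"$'
)

def foreign_asset_referers(lines, own_hosts=OWN_HOSTS):
    """Count static-asset requests per Referer host that is not one of ours."""
    hits = Counter()
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # malformed line
        path = urlsplit(m["path"]).path.lower()
        if not path.endswith(ASSET_EXT):
            continue  # only embedded assets are of interest here
        ref = m["referer"]
        if ref in ("", "-"):
            continue  # header absent or stripped: no evidence either way
        host = (urlsplit(ref).hostname or "").lower()
        if host and host not in own_hosts:
            hits[host] += 1
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE_LOG = [
    '203.0.113.7 - - [21/Mar/2007:11:00:01 -0700] "GET /images/logo.gif HTTP/1.1" 200 2048 "http://www.example-bank.test/" "Mozilla/5.0"',
    '198.51.100.9 - - [21/Mar/2007:11:00:05 -0700] "GET /images/logo.gif HTTP/1.1" 200 2048 "http://login.clone.test/index.html" "Mozilla/5.0"',
    '198.51.100.9 - - [21/Mar/2007:11:00:05 -0700] "GET /css/site.css HTTP/1.1" 200 512 "http://login.clone.test/index.html" "Mozilla/5.0"',
    '198.51.100.9 - - [21/Mar/2007:11:00:06 -0700] "GET /favicon.ico HTTP/1.1" 200 318 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [21/Mar/2007:11:02:10 -0700] "GET /login HTTP/1.1" 200 900 "http://other.test/" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host, n in foreign_asset_referers(SAMPLE_LOG).most_common():
        print(f"{n:4d} asset requests referred by {host}")
```

A copy that mirrors the assets onto its own server produces no such requests, so an empty result does not mean no copy exists.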