Adam Fields (weblog)

This blog is largely deprecated, but is being preserved here for historical interest. Check out my index page at adamfields.com for more up to date info. My main trade is technology strategy, process/project management, and performance optimization consulting, with a focus on enterprise and open source CMS and related technologies. More information. I write periodic long pieces here, shorter stuff goes on twitter or app.net.

2/23/2005

eBay scams now using eBay servers

Filed under: — adam @ 10:17 am

How is it possible that eBay lets you redirect to arbitrary servers?

Rule number one of web application security is “Don’t trust user input”. Worse still, they know about the problem and can’t easily fix it, which means the same flaw has probably been copied all over their code base.

http://www.interesting-people.org/archives/interesting-people/200502/msg00210.html

(Note: Spoofstick sees through this.)
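To make the point concrete, here is an added example (mine, not from this post or from eBay) of the defect being described and of the check that prevents it. A login page typically takes a “return to” parameter and sends the browser there afterwards; if the handler forwards whatever the parameter says, anyone can hand out a link on the trusted domain that lands on a server of their choosing. The hostnames and the parameter name below are constructed for illustration; the hardened version only allows site-absolute paths or absolute `http(s)` URLs whose hostname exactly matches an allow-list.

```python
from urllib.parse import urlsplit

# Hosts a post-login redirect may legitimately point at (constructed sample values,
# not real eBay hostnames).
ALLOWED_HOSTS = {"shop.example", "signin.shop.example"}
DEFAULT_TARGET = "/"


def naive_redirect_target(param: str) -> str:
    """The anti-pattern: the browser goes wherever the return-to parameter says."""
    return param


def is_safe_redirect(target: str, allowed_hosts=ALLOWED_HOSTS) -> bool:
    """True only if `target` stays on our own site."""
    if not target:
        return False
    # Control characters (CR/LF, tabs, NUL) have no place in a redirect target and can
    # confuse header handling; reject outright.
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False
    # Browsers treat a backslash like a slash, so "/\evil.example" would leave the site
    # even though urlsplit sees it as a plain path.
    if "\\" in target:
        return False

    parts = urlsplit(target)

    if parts.scheme == "" and parts.netloc == "":
        # A relative reference. Only accept site-absolute paths ("/account"); a bare
        # "evil.example" is ambiguous and not worth supporting.
        return target.startswith("/")

    # Anything with a netloc but no scheme ("//evil.example/") or with a non-web scheme
    # (javascript:, data:, ...) fails here.
    if parts.scheme.lower() not in ("http", "https"):
        return False

    # Use .hostname, not .netloc: "https://shop.example@evil.example/" has a netloc that
    # starts with an allowed host but actually points at evil.example. Exact match only;
    # an endswith() check would let "shop.example.evil.example" through.
    host = (parts.hostname or "").lower()
    return host in allowed_hosts


def safe_redirect_target(param: str) -> str:
    """The hardened handler: fall back to the home page rather than follow an unknown URL."""
    return param if is_safe_redirect(param) else DEFAULT_TARGET


if __name__ == "__main__":
    # Constructed sample values a handler might receive in its return-to parameter.
    samples = [
        "/account/items",
        "https://shop.example/item?id=1",
        "//evil.example/",
        "https://shop.example@evil.example/",
        "javascript:alert(1)",
        "/\\evil.example",
    ]
    for s in samples:
        print(f"{s!r:45} naive -> {naive_redirect_target(s)!r:40} safe -> {safe_redirect_target(s)!r}")
```

Returning the user to a fixed default page when validation fails is deliberate: signalling *why* a target was rejected gives nothing useful to a legitimate user, and the naive version's only “feature” was following the attacker's link.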

