![[philiptellis]](https://en.gravatar.com/userimage/3079306/f13167d69aa4e1cb5e5f131af4e38e3e.jpeg)
So it looks like I've been forgetting a lot of my passwords recently. After yesterday's issue with delicious submitting passwords in the clear, today I have a problem with livemocha.com.
As before, their login page is properly secured, but the password reset page is over HTTP:
This is the password reset page:
And this is the URL the passwords are POSTed to, in clear text:
They also include third party code on their page, in this case it's a flash object from userplane.com, google analytics, and some JavaScript from pbc.com (alias for paybycash.com)
I've gotten in touch with them via their online form. Let's hope they respond.
0 comments :
Post a Comment