"InstaKiss" password theft

The example above was designed to appear like a service operated by America Online. However, the URI reveals that the page was hosted by a free web space provider. With a little more effort, the URI could have been obfuscated using e.g. frames, numeric IP addresses, and/or redirections.

When sending sensitive information such as passwords over the WWW, it is important to ensure that one is communicating with the correct server, and that only the intended receiver can read the message. In practice, this means using the https scheme - e.g. https://example.com/ - and carefully verifying the server certificate.

Link to this page:

www.anta.net and blog.anta.net serve information on internetworking, security and safety topics to a global audience. Both sites are partially funded by advertising. Third parties may therefore offer cookies to your browser; request cookies back; and use web beacons. Google's use of the DART cookie enables Google to serve ads to you based on your visits to this and other websites. If you do not wish to use the DART cookie, please opt out on the privacy policy page for Google's ad‑and-content network. Additionally, you can usually specify your cookie preferences in your browser settings.

All content © 2000–2009 Thor Kottelin, unless otherwise indicated. Any trademarks or registered trademarks mentioned on this site belong to their respective owners. Content and techniques used on this site may be available for licensing; for details, please contact the webmaster. — Conventional hyperlinking to any content on this site is highly welcomed. However, none of the content on this site may be shown, even partly, in a context inferring or claiming it to be part of or sponsored by any other organization or site. Such prohibited techniques include (but are not limited to) framesets, interstitial pages, kiosk mode pop‑ups, and reverse proxies.