Please register to participate in our discussions with 2 million other members - it's free and quick! Some forums can only be seen by registered members. After you create your account, you'll be able to customize options and access all our 15,000 new posts/day with fewer ads.
<!--
This site is intended to be a lesson for people who are susceptible to getting
phished. The goal here is for no credit card information to ever be sent across
the wire. To accomplish this, all credit card info is outside the form. That
way, clicking on the submit button doesn't submit any credit card info.
Godaddy was smart enough to detect some evil keywords in the domain and require
a human being to look at the site. If you are reading this, Godaddy: Our
intention is to educate and inform people of phishing, in a particularly
memorable way: http://ismycreditcardstolen.com/anti-phishing.jpg
BTW there is no form validation so just click the submit button if you want to
see the "you have failed" message, visible here: Tsk tsk tsk
-->
I looked at the source and the comments are correct. Anything you enter is NOT submitted.
I wouldn't call it perfectly safe, it's non https page. Unlikely but the HTML can be hacked in transit to the user.
Probably the bigger issue is if the page gets changed in the future. Suppose this is a long term strategy and years down the road they change it so it does collect data. They'll have thousands of links going to it that were created when the page was safe. Same thing if the domain expires and someone unscrupulous obtains the domain. The server could get hacked..... Actually a lot of potential risk involved with it.
Last edited by thecoalman; 08-09-2011 at 10:04 PM..
I wouldn't call it perfectly safe, it's non https page. Unlikely but the HTML can be hacked in transit to the user.
Probably the bigger issue is if the page gets changed in the future, for example this could be long term strategy. 2 years down the road they have thousands of people linking to it but now the page does collect data. Same thing if the domain expires and someone unscrupulous obtains the domain.
There is a wild assumption, so if it were https you would consider it safe
There is a wild assumption, so if it were https you would consider it safe
The only one making an assumption is yourself. I wouldn't consider it safe at all just because it's https, I'm well aware of how easy it is to obtain a certificate since I have my own. The point I'm trying to make is this page has many possible ways it could potentially be exploited.
---------edit---------
You understand what I'm saying about the https? This has nothing to do with submitting the data over a secure connection but the page being hijacked in transit before it gets to the end user in which case it could be altered so it does submit data.
Please register to post and access all features of our very popular forum. It is free and quick. Over $68,000 in prizes has already been given out to active posters on our forum. Additional giveaways are planned.
Detailed information about all U.S. cities, counties, and zip codes on our site: City-data.com.