Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Maybe no trickery hidden in there now, but that could change any time. Or sometimes. Or depending on IP, browser or OS.


And even if there's no "trickery" from the hosting site, they're slurping in javascript from a 3rd party down the bottom (getclicky). That means they (or anybody who compromises them) could grab the cleartext passwords from the form before the inline javascript does it's sha1 hashing…




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: