
Log-in to my blog with your Yahoo! account

By Jonathan + February 10th, 2007

Feel like logging into my blog with your Yahoo! account for no particular reason? Then please feel free to log in here: https://login.yahoo.com/config/login?&.done=http://www.keebler.net. Don’t worry, I’m not stealing your password or anything; you’re using the real Yahoo!.

I’ve been noticing lately how much information web developers’ applications are giving away in the query string. In this case I can’t really do anything besides redirect to my site, but holes like these make it really easy for phishers to look legit and trick people into giving them personal information (or worse).

For example, what if you went to a URL starting with https://login.yahoo.com, entered your correct username/password, and were then taken to a fake page that looks just like the “Incorrect password” screen from Yahoo!, where you are asked for your username/password again? Would you really be sure to check the URL again? I think 99% of people would offer up their username/password to the hacker.

Anyhow, you get my point ;) Security good. Phishing bad. Yahoo! vulnerable. *grunt*
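The server-side defence against this kind of redirect is to validate the `.done` return URL before sending the browser to it. The following is an added example, not code from the original post or from Yahoo!; the allowlisted hosts, the default target, the https-only rule and the function name are assumptions for illustration.

```python
from urllib.parse import urlsplit

# Assumed allowlist and fallback for illustration; a real site lists its own hosts.
ALLOWED_HOSTS = {"login.yahoo.com", "mail.yahoo.com"}
DEFAULT_TARGET = "https://mail.yahoo.com/"


def safe_redirect_target(done, allowed_hosts=ALLOWED_HOSTS, default=DEFAULT_TARGET):
    """Return `done` only if it stays on an allowlisted host, else `default`."""
    if not done:
        return default
    # Browsers treat "\" like "/" and drop whitespace/control characters, so a
    # value containing them may parse differently here than in the browser.
    if "\\" in done or any(ord(c) < 0x21 or ord(c) == 0x7F for c in done):
        return default
    try:
        parts = urlsplit(done)
        host = parts.hostname          # lowercased, without userinfo or port
        userinfo = parts.username is not None or parts.password is not None
        parts.port                     # raises ValueError on a malformed port
    except ValueError:
        return default
    # Same-site relative path: exactly one leading slash, no scheme, no host.
    if not parts.scheme and not parts.netloc:
        return done if done.startswith("/") and not done.startswith("//") else default
    # Absolute URL: https only, no "user@host" tricks, exact host match.
    if parts.scheme != "https" or userinfo:
        return default
    if host is None or host.rstrip(".") not in allowed_hosts:
        return default
    return done


if __name__ == "__main__":
    # Constructed sample values of the ".done" parameter.
    samples = [
        "http://www.keebler.net",                    # the redirect from the post
        "https://mail.yahoo.com/inbox",              # legitimate return URL
        "//www.keebler.net",                         # scheme-relative URL
        "https://login.yahoo.com@www.keebler.net/",  # userinfo disguises the host
        "https://mail.yahoo.com.keebler.net/",       # look-alike subdomain
        "/config/mail",                              # same-site relative path
    ]
    for value in samples:
        print(f"{value!r:45} -> {safe_redirect_target(value)}")
```

Matching the exact hostname, rather than checking for a prefix or substring, is what stops the look-alike and `user@host` variants.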
