12/03/2008

Facebook is a victim of cross domain defense

source

The problem with some sites in the Facebook infrastructure is that they don't share the same domain name. If this isn't known beforehand and hard-coded into anti-phishing and anti-XSS defense systems and tools, those other sites will be seen as phishing or fraud. To those tools, you are transferring login information to another site or between sites, and in theory that is phishing or XSS.

This can also be the case for subdomains.

It means that you should stay as much as possible within your own domain.
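As an added illustration (not code from the original post or from any anti-phishing product), the sketch below shows the kind of check described above: a login form that posts to a different host is flagged unless the relationship between the hosts is known beforehand. The domains, the `RELATED_SITES` allowlist and the function names are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Hypothetical allowlist: each set groups domains known beforehand to belong
# to one operator. The domains are constructed placeholders.
RELATED_SITES = [
    {"example.com", "example.net"},
]

def _host(url):
    host = urlsplit(url).hostname
    if host is None:
        raise ValueError(f"no host in URL: {url!r}")
    return host.lower().rstrip(".")

def _site_of(host, groups):
    """Return (domain, group) for the allowlisted domain that host equals or
    is a subdomain of. Matching is on label boundaries, so a host such as
    notexample.com does not match example.com."""
    for group in groups:
        for domain in group:
            if host == domain or host.endswith("." + domain):
                return domain, group
    return None, None

def classify_login_post(page_url, form_action, groups=RELATED_SITES):
    """Classify where a login form sends credentials relative to its page."""
    page = _host(page_url)
    # Relative form actions resolve against the page URL, as a browser does.
    target = _host(urljoin(page_url, form_action))
    if page == target:
        return "same-host"
    page_domain, page_group = _site_of(page, groups)
    target_domain, _ = _site_of(target, groups)
    if page_group is not None and target_domain in page_group:
        if page_domain == target_domain:
            return "known-subdomain"
        return "known-cross-domain"
    # Unknown relationship: a strict tool treats this as phishing or fraud.
    return "flag-cross-domain"

if __name__ == "__main__":
    page = "https://www.example.com/"
    for action in ("/login", "https://login.example.com/auth",
                   "https://secure.example.net/auth"):
        print(action, classify_login_post(page, action),
              classify_login_post(page, action, groups=[]))
```

With an empty allowlist the subdomain and the second domain are both flagged, which is why staying on one host avoids the problem.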

An important Belgian site that has the same problem, and that we have already written about several times, is ... the ever so popular taxonweb.be

13:37