You Dream it...We Build it... This blog is a follow up to a previous post, on the Email Injection Attack exploit and its occurrence on CF servers. Several questions and comments that were added indicates to me that I wasn't clear enough in describing what I believe is actually occurring. Let me see if I can shed some additional light on the subject.
When it comes to security and the web there are a number of myths held by casual users. In the next several posts we are going to plow through them together and see if we can come to some conclusions on how best to advise our clients. The first, and perhaps the most ubiquitous myth, has to do with the efficacy of simply having a secure site.
(this blog is a follow up to Why the padlock is your friend)
When submitting personal information, most users know enough to look for that little padlock in the status bar that indicates a "secure" site. Most of them believe their information to be safe. They do not know why, but it has something to do with encryption doesn't it? Actually (and surprisingly) most web developers are fairly uninformed on the topic as well.
