top | item 44466067

(no title)

gnyman | 8 months ago

I'm confused by this one. It says it's a joke but it still submits the key to a server.

These joke pages have been around since http://ismycreditcardstolen.com/

And I even made my own version https://hasmypasswordbeenstolen.net/

The difference is that neither the original nor mine actually submits the secret to the server. I went to great lengths to avoid actually doing it, it's still a bad idea to send a password to my page but at least you can check the source and network traffic and see that it's only checked with JavaScript and a hash is checked against the HIPB password site.

This supposed joke site sends and processes the key on their backend. At least it looks like that, I have not tried with a real key.

discuss

Arcuru|8 months ago

Yea..sending it to the server makes it look sketchy. Even for my joke site[1] I make sure everything stays client side.

[1]: https://faxyourballs.com