FST has been Haxord

**lynx** · 11-07-2004, 12:05 PM

Originally Posted by 15%

It has been suggested................
that by using this overlay trick
that there is a possibility that the overlay site may know your password etc
if any techies could clarify this?

Nope. The only info they get is the bit after the "?ref=".

When passwords are required they aren't usually sent across the net. Instead a test word/phrase is sent which is encrypted using your password. The encrypted word/phrase is returned. The site checking your password also encrypts the word/phrase with your password and compares that with what was returned. That way, even if someone is sitting between you and the server they still don't get to see your password.

**100%** · 11-07-2004, 12:13 PM

phew....
thanx

**lynx** · 11-07-2004, 12:26 PM

Notice though that I did say normally. There are still ways to trick you into sending your password in clear text, but I'm pretty sure you would have to type it in, it wouldn't be available through your password manager.

**DanB** · 11-07-2004, 12:28 PM

Originally Posted by lynx

Notice though that I did say normally. There are still ways to trick you into sending your password in clear text, but I'm pretty sure you would have to type it in, it wouldn't be available through your password manager.

If I get hax0red cos of it I am blaming you

Thread: FST has been Haxord

Thread Tools

Bookmarks

Bookmarks

Posting Permissions