lcamtuf@dione.ids.pl (Michal Zalewski) writes: > I gave Slashdot a short notice because ...you were impatient, I guess. But the explanation is simple. Our users access that link from these pages: http://slashdot.org/users.pl?op=changepasswd http://slashdot.org/users.pl?op=edituser which inform him or her: You can automatically log in by clicking _This Link_ and Bookmarking the resulting page. This is totally insecure, but very convenient. Anyone whose password shows up in your referrer logs has been duly warned. Any security concerns with Slashcode or Slashdot should be sent to security@slashcode.com. (This address can be found by clicking "bugs" on the Slashdot homepage. As stated there, we adhere to the RFP, and ask you to as well.) -- Jamie McCarthy jamie@slashdot.org
