Are we sure now people won't create a clone of steemit just to steal user's passwords? spamming like fake links and stuff?
You are viewing a single comment's thread from:
Are we sure now people won't create a clone of steemit just to steal user's passwords? spamming like fake links and stuff?
it seems like a lot of trouble to go to to steal passwords... its just as easy to use a fake login page that goes nowhere. or httpd proxy.
Isnt the whole point of making steemit opensource so that everyone can use it.
That's a very good question, that's why I did that, to study how the whole think is working. So far I can see that I can login in this clone, I don't know however is my server received the password ... It might be encrypted by the client ....
I am sure this issue has been studied ... but now that we have the code we can check all that ....
@wisehammer, @artakan:
Phishing?
Since all files are hosted on your end you can simply try to obtain sensitive information such as usernames, passwords etc by creating a fake steemit site. e.g. steemlt.com :-)
@dantheman:
Just so you know, steemlt.com is available for registration.
Just for the fun, I did it
http://steemlt.com:3002/
I just need to clean the port and get some https ... and warn everybody!
That is not why I am doing that ....and there must be a protection mecanism, otherwise we are all doomed ...
No worries @artakan, I'm not saying that you are doing it :-) What I'm saying is that anyone can do it. The only way to protect Steemit users from Phishing is to increase the public awareness e.g. by convincing people to pay attention regarding which site they are using for login to steemit etc :-)
No any more https://steemlt.com ;-) I couldn't resist ...