"Even the neowin login page is not encrypted"
Now I thought to myself - that can not be true.. I know the page itself is not fully encrypted, but that is not an issue the sending of the username and password could be using a https post, etc.
So figured I would take a look see.... Oddly enough, the post for the login looks to be in the clear from the page source
<form action="http://www.neowin.net/forum/index.php?app=core&module=global&section=login&do=process" method="post" id='login'>
Now I said -- hmmm, I know a little bit about html, but maybe I am missing something and I am looking at it wrong or something. So I did what I know better and that is looking at network sniffs... So I took one while logging in..
And what you know - my password right there in the clear?? That is not a very safe practice... I know its only a forum and such, and I agree you sure don't have to encrypt the whole site - but not the sending of the username and password?? That needs to be corrected!!
Now my password is complex random - but I assure you it was in the clear.
Not sure what that auth part is there I highlighted, but hid it as well.
So am I correct in that everyone that is logging into neowin is sending username and password in clear??