So do I understand the implications of this? See, in MN in order to receive your unemployment insurance, you must register (and if you apply for benefits, you are automatically registered with a lastname-last4 of your SSN username/password. You MUST confirm registration on the site to keep getting you benefits). So every unemployed person in MN uses this site. And from what I understand from looking at the site the job seekers that use the site to find a job are open to this too... Scary since there are 56,000 active resumes on the system, probably at least 4 times as many users. So if I logged in and someone sniffed my SSN and thieved my identity would the state of MN be held liable for not protecting my sensitive info? Say it ain't so... E On 19/12/2003 22:40, "Callum Lerwick" <seg at haxxed.com> wrote: >> here's another: >> >> Minnesota's Job Bank >> http://www.mnworks.org/jsli.cfm > > And the source for http://www.mnworks.org/jsli.cfm says: > <form ACTION="https://www.mnworks.org/jobseeker/jslogin_process.cfm" > METHOD="POST"> > > And where you verify your SSN in > http://www.mnworks.org/jobseeker/jsedrgssn.cfm: > <FORM ACTION="https://www.mnworks.org/jobseeker/jsedrgssn_process.cfm" > METHOD="POST"> > > Ethereal confirms it. Forms are submitted over SSL, but the rest of the > session isn't. Better than nothing. > > _______________________________________________ > TCLUG Mailing List - Minneapolis/St. Paul, Minnesota > http://www.mn-linux.org tclug-list at mn-linux.org > https://mailman.real-time.com/mailman/listinfo/tclug-list _______________________________________________ TCLUG Mailing List - Minneapolis/St. Paul, Minnesota http://www.mn-linux.org tclug-list at mn-linux.org https://mailman.real-time.com/mailman/listinfo/tclug-list