Letters to the editor

An LWN subscription vulnerability

Hello All,
 
I would like to draw to the attention of Linux Weekly News subscribers the
existence of a site by the name of "lwm.net" (that's with an "m", rather
than an "n"). I myself am a Linux Weekly News subscriber, and this week I
accidentally typed this URL into my web browser. I was met with a
standard pop-up window asking me to enter my login id. and password.
 
I assumed my LWN subscription cookie had expired, and that it was time to
enter my login id. and password again. I *almost* went ahead and entered
these, but it seemed strange to me that the people at LWN had changed
their non-subscriber front page to such an unfriendly welcome. This
second thought gave me just enough time to notice my typo in the URL.
 
I believe that the operators of "lwm.net" are aware of the similarity
between their URL and that of "lwn.net", and are perhaps intentionally
trying to collect the login id.'s and passwords of unsuspecting LWN
subscribers.
 
Perhaps LWN could draw subscribers' attention to this, and ask everyone to
think twice before typing their passwords into something that doesn't look
familiar.
 
                                                        -Kipp

Comments (8 posted)