I just noticed something: You can use Google News (Germany confirmed, others likely to do the same) to fake/hide the referer.
Proof: http://news.google.de/news/url?sa=T&ct=de/0-0&fd=R&url=http://blogoscoped.com/google-blog.html&cid=0&ei=IoxXRJOdFYKuoQLo0oz8BA Now, in the server log, the referer you see is news.google.de. This can of course be used for phishing.
I know this is not the proper way to publish "security holes", but I lost my password for the BugTraq/SecurityFocus/Full-disclosure mailing list :o)
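The weak point in the post above is a redirect endpoint that forwards to whatever its `url=` parameter says. As an added example (not code from the post or from Google), here is the hardened form of such an endpoint: the target is only honoured when it stays on an allowlisted host, and the usual bypass shapes (scheme-relative `//host`, userinfo tricks like `allowed@other`, backslashes, non-http schemes) fall back to a safe path. The allowlist and the `attacker.example` host are constructed for the example.

```python
from urllib.parse import urlparse, parse_qs

# Assumed allowlist of hosts this redirect endpoint may send users to.
ALLOWED_HOSTS = {"news.google.de", "www.google.de"}


def safe_redirect_target(request_url, allowed_hosts=ALLOWED_HOSTS, fallback="/"):
    """Return the value of the ?url= parameter only if it stays on an
    allowlisted host or is a same-site path; otherwise return fallback."""
    qs = parse_qs(urlparse(request_url).query)
    target = qs.get("url", [""])[0]
    if not target:
        return fallback
    # Some clients and browsers treat "\" like "/", so normalise first;
    # otherwise "/\evil" would look like a relative path but open elsewhere.
    target = target.replace("\\", "/")
    parsed = urlparse(target)
    if parsed.netloc:
        # Absolute or scheme-relative ("//host") URL: only http(s) to an allowed host.
        if parsed.scheme not in ("", "http", "https"):
            return fallback
        # .hostname drops userinfo and port, so "allowed.host@other" compares as "other".
        host = (parsed.hostname or "").lower()
        if host not in allowed_hosts:
            return fallback
        return target
    # No netloc: accept only a plain same-site path. Reject "javascript:..." style
    # schemes and anything not starting with exactly one "/".
    if parsed.scheme or not parsed.path.startswith("/") or parsed.path.startswith("//"):
        return fallback
    return target
```

Fed the proof-of-concept URL from the post, the function returns the fallback, because blogoscoped.com is not on the allowlist.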