I am a new user, so maybe I missed something, but here
is my story:
When I want to post anything on bug/forum at sf.net I
need to login first.
So I click on login.
The login form comes in http (not SSLed https) page.
The page assures that the password is going to be
encrypted by SSL.
Sounds like magic, because no signs of https.
Then I looked at the login page source, still no https.
Then I loaded ethereal to inspect my packets and see
whether my password is going encrypted.
To my surprise I found a packet with my username and
password in plain text, so at least the login page is
lieing, and worst sf.net usernames/passwords could be
Could anyone comment on that?