Was logging on to my AFL Dreamteam site last night (http://afl.virtualsports.com.au),
and noticed that the username and password are passed as clear text
in the query string! Easily picked up in any proxies / reverse
proxies as well as browser histories! Given the competition has
prizes, I'm sure there is a duty of care that the AFL or Telstra
(their online service provider) have to protect this information.
The technology to do so has existed since Feb
1995!!
I'm also sure that the body responsible for giving out permits
needs a confirmation of data security and integrity completed as
well. The AFL surely fail in this regard!
PS - the links to Dreamteam don't even work on the front page of
the AFL.com.au web site.
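
An added example, not part of the original post: a small scanner that shows how credentials sent in a query string land in proxy or web server access logs in the clear, and how a defender can flag and redact them. The log lines, host, paths and parameter names are constructed; the post does not give the site's actual parameter names.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Parameter names that usually carry secrets (an assumption; the post does not
# name the site's actual parameters).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "secret"}

# Request part of a Common Log Format line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def redact_target(target):
    """Return (redacted_target, leaked_parameter_names) for a request target."""
    parts = urlsplit(target)
    leaked, cleaned = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE and value:
            leaked.append(name)
            value = "REDACTED"
        cleaned.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(cleaned))), leaked

def scan(lines):
    """Yield (line_no, method, redacted_target, leaked_names) for each hit."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        redacted, leaked = redact_target(m.group("target"))
        if leaked:
            yield no, m.group("method"), redacted, leaked

# Constructed sample lines (hosts, paths and parameter names are made up).
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Mar/2009:20:14:02 +1100] "GET /login?username=fan01&password=hunter2 HTTP/1.1" 200 512',
    '10.0.0.5 - - [01/Mar/2009:20:14:05 +1100] "GET /team?id=42 HTTP/1.1" 200 2048',
    '10.0.0.7 - - [01/Mar/2009:20:15:11 +1100] "POST /login HTTP/1.1" 302 0',
    '10.0.0.9 - - [01/Mar/2009:20:16:40 +1100] "GET http://game.example/login?user=x&PWD=s3cret%21 HTTP/1.0" 200 512',
]

if __name__ == "__main__":
    for no, method, target, leaked in scan(SAMPLE_LOG):
        print(f"line {no}: {method} {target} leaks {leaked}")
```

The POST line is not flagged because a form body does not appear in the request line that proxies and servers log; it still needs TLS to be protected in transit.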