by fmpwizard
2849 days ago
If the idea is to protect users so that you don't end up clicking on https://news.ycombinator.com.myhackerdomain.com, you then open the attack of a platform where they offer custom subdomains, and you have https://original.blogger.com and then https://fake-original.blogger.com. If I make them look the same, and the address will hide the subdomain, it looks like a step backwards in securing the web. Now, imagine the actual platform has a payment section, and I create a fake subdomain that looks pretty similar, email you, boom, I get your cc info because I tricked you into entering new cc info (assuming your scenario of someone being distracted).
Anything else is still shown. fake-original.blogger.com will still show up as fake-original.blogger.com because fake-original. isn't a trivial subdomain.
I still think it's a stupid move, though. It's a simplification that is incredibly unnecessary and may be harmful when dealing with the rare site that doesn't treat www.domain.com and domain.com as the same.