Actually that is quite dangerous, since anyone guessing the correct herokuapp.com-subdomain could take over the site displayed on busy.org and perform a phishing attack. https://staging.busy.org/ still seems to work, but I prefer @steempeak over Busy now, they are also adding new features and improvements all the time. And if you are looking for a nice UI only for travel posts, we just launched https://travelfeed.io/ :)
You are viewing a single comment's thread from:
Ouch, that sounds pretty dangerous. It's a good thing that they are using Steemconnect at least, so it will be a bit more difficult to fake a phising site if users make sure to see that the Steemconnect URL is real or fake.
Great job with Travelfeed by the way! I was just checking it out earlier today, and I will definitely test it out more when I leave for my next trip somewhere.
Even though busy.org is using Steemconnect, users stay logged in for 7 days using cookies. A phishing-version replacing busy.org would have access to these cookies and could therefore post and vote on the user's behalf..
We have been working hard on TravelFeed and there are so many more features that will be introduced in the following months, happy to hear that you like it!
Damn, that's actually pretty concerning. I hope the Busy.org development team gets around to fixing this soon. I guess I can revoke their access to my account until then.
Damn, that's actually pretty concerning. I hope the Busy.org development team gets around to fixing this soon. I guess I can revoke their access to my account until then.