Ian Bicking: the old part of his blog

Comment

Well, if someone doesn't have the address bar switched on, there's no need to go to the trouble of using usernames & passwords in the URL to fool them.

Just send them HTML email with a link to http://evil.com/ and tell them its their bank. If they never see the URL at all, there's no need to do anything complicated to fool them.

Sheesh, you can't save everyone from their own ignorance all of the time!
Comment on Mozilla developers smarter than IE developers
by AndyT