Hacker News new | past | comments | ask | show | jobs | submit login

No. A more effective vector would be to send them to a funny video page to watch, that has nothing to do with McDonalds. And inside that video page you have a hidden iframe pointing to the malicious query which submits the McDonald's password to another backend server.

meh, make a mcdonalds.com search link that generates "Congratulations, you won a free mechanically deboned meat product!!1" and share it on bookface.

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact