An online services security report card shows the extent to which popular web services are exposing users to account hijacking, especially in open WiFi network environments. The risk has been understood in security circles for years but remained underreported prior to last week's release of an account hijacking tool called …
See this article ...
on Brian Krebs' website, 27 Oct:
Brian is on the ball and usually beats others to the news. A site well worth following. The comments are a good read as well.
"in particular, Facebook and Twitter"
Well, colour me surprised.
At least, in Amazon's favour, they hold your bank card info themselves (and thus do not ask for it) and they demand confirmation of this if shipping to a new address, and for viewing information about my account I need to log in (SSL). So it is pretty safe. Without, you can see my search history (frequently edited, as it affects the auto-suggestions) and my wish list, which is full of astonishingly interesting things like manga and "learn katakana in 30,000 days", that sort of stuff. Woo.
By the way, while I notice eBay on the list, I was quite surprised to see PayPal omitted.
Have I misunderstood this article?
Firesheep is not about login credentials or about encouraging websites to "use end to end encryption for logins".
Firesheep is about sniffing cookies. It's about completely bypassing logins. It's about getting websites to provide end to end encryption, full stop.