All Educational Websites
It seems to me that all educational websites practice weak to no security. My son's school recently sent us details of Mathletics, as a good parent I dutifully signed up and was gobsmacked that we are letting kids use such tripe.
Ignoring its use of Flash which is bad enough to start with, I quickly noticed that all I needed to log into the account was the copy the address which contained the session id, no password or anything. Then things got worse, after signing up for a parent account, I noticed that the username and password were there in plain text in the address bar ripe for any sniffer to pick up. Things didn't stop there however, realising that my password was now in the public domain, I went to change it in my account section only to see it there in plain text so clearly not hashed at all.
Oh and it only uses HTTPS for the sign in itself, everything else is HTTP.
I got in touch with the school who clearly got a stock response from the company behind this which ammounted to the password is sent using HTTPS so it is okay and it isn't really important anyway.
The school now knows my son will not be using this piece of garbage.