The amount of personal data traveling to and from the Internet has exploded, yet many applications and services continue to put user information at risk by not encrypting data sent over wireless networks. Software engineer Tony Webster has a classic solution — shame.
Webster decided to see if a little public humiliation could convince companies to better secure their customers' information. On Saturday, the consultant created a website, HTTP Shaming (http://httpshaming.tumblr.com/), and began posting cases of insecure communications, calling out businesses that send their customers' personal information to the Internet without encrypting it first.
Website Aims to Publicly Shame Apps with Lax Security
(Score: 0) by Anonymous Coward on Thursday August 21 2014, @12:45PM
Why the restriction to wireless networks? Do they consider data transmission to be magically secure as soon as it goes over a wire?
(Score: 4, Interesting) by present_arms on Thursday August 21 2014, @12:52PM
Because it's a lot easier to have MITM attacks with wireless, just ask Google's Street View
http://trinity.mypclinuxos.com/
(Score: 2) by kaszz on Thursday August 21 2014, @01:07PM
And ask listening-on-everyone-gov-agency, shady organizations, and spammers for the wired alternative :P
(Score: 2) by present_arms on Thursday August 21 2014, @01:11PM
Sad but true.
http://trinity.mypclinuxos.com/
(Score: 4, Informative) by MrGuy on Thursday August 21 2014, @03:39PM
TFA is unclear on this, but if you look at the actual site, the shaming is of sites that send sensitive information (logins, passwords, chat contents, profile information) via http rather than https. That's pretty much it. The actual site doesn't even talk about wireless vs. wired networks.
However, the author of the TFA does focus on wireless networks, probably because it's one of the simplest attack vectors for non-encrypted traffic (just pop down to the local Starbucks, log in, and you can see the non-https traffic of anyone else on the network). That's comparatively harder to do casually over a wired network.
(Score: 3, Funny) by kaszz on Thursday August 21 2014, @01:10PM
Perhaps http://httpshaming.tumblr.com/ should make https://httpshaming.tumblr.com/ work before shaming insecure sites.
Though a good initiative!
(Score: 4, Insightful) by MrGuy on Thursday August 21 2014, @03:41PM
And, as is their policy, they use their site to httpshame tumblr.
Here's the headline on the top of their tumblr page where they make it clear they're aware of the issue, that it's tumblr's fault, and that they'd like tumblr to fix it: