
SoylentNews is people

posted by janrinok on Thursday August 21 2014, @12:03PM
from the now-go-stand-in-the-corner! dept.

The amount of personal data traveling to and from the Internet has exploded, yet many applications and services continue to put user information at risk by not encrypting data sent over wireless networks. Software engineer Tony Webster has a classic solution — shame.

Webster decided to see if a little public humiliation could convince companies to better secure their customers' information. On Saturday, the consultant created a website, HTTP Shaming (http://httpshaming.tumblr.com/), and began posting cases of insecure communications, calling out businesses that send their customers' personal information to the Internet without encrypting it first.

  • (Score: 0) by Anonymous Coward on Thursday August 21 2014, @12:45PM (#83902)

    Why the restriction to wireless networks? Do they consider data transmission to be magically secure as soon as it goes over a wire?

    • (Score: 4, Interesting) by present_arms (4392) on Thursday August 21 2014, @12:52PM (#83905)

      Because it's a lot easier to have MITM attacks with wireless, just ask Google's streetview

      --
      http://trinity.mypclinuxos.com/
      • (Score: 2) by kaszz (4211) on Thursday August 21 2014, @01:07PM (#83913)

        And ask listening-on-everyone-gov-agency, shady organizations, and spammers for the wired alternative :P

    • (Score: 4, Informative) by MrGuy (1007) on Thursday August 21 2014, @03:39PM (#83976)

      TFA is unclear on this, but if you look at the actual site, the shaming is of sites that send sensitive information (logins, passwords, chat contents, profile information) via http rather than https. That's pretty much it. The actual site doesn't even talk about wireless vs. wired networks.

      However, the author of the TFA does focus on wireless networks, probably because it's one of the simplest attack vectors for non-encrypted traffic (just pop down to the local Starbucks, log in, and you can see the non-https traffic of anyone else on the network). That's comparatively harder to do casually over a wired network.

  • (Score: 3, Funny) by kaszz (4211) on Thursday August 21 2014, @01:10PM (#83915)

    Perhaps http://httpshaming.tumblr.com/ should make https://httpshaming.tumblr.com/ work before shaming insecure sites.

    Though a good initiative!

    • (Score: 4, Insightful) by MrGuy (1007) on Thursday August 21 2014, @03:41PM (#83978)

      And, as is their policy, they use their site to httpshame tumblr.

      Here's the headline on the top of their tumblr page where they make it clear they're aware of the issue, that it's tumblr's fault, and that they'd like tumblr to fix it:

      Can you please encrypt my traffic?!
      Yup, this site is on HTTP – blame Tumblr for not supporting SSL, because you know we are.