New social account shames insecure websites as needed

Aug 18, 2014

Data security is a sensitive topic, but a necessary one. Just as touchy is discovering a site you use doesn’t make a passing attempt at securing your data, instead leaving it to chance. With wireless data transfer a commonplace occurrence, one Tumblr account is bringing those who have done us wrong a measure of shame.


HTTP Shaming is a submission-based account where security exploits can be shared by anyone. Created by software engineer Tony Webster, HTTP Shaming isn’t meant as a troll-ish Tumblr page. Instead, the idea is to publicly share exploits that services either didn’t know about or were ignoring.

Nearly 20 services have been identified as weak so far, and some might just surprise you. MeetUp has an insecure log-in, while TripIt fails to encrypt travel info shared to your calendar. Popular FTP clients Filezilla and Transmit both have an insecure connection in certain circumstances.

Speaking to Ars Technica, Webster says, “I've kind of been overwhelmed in a sad but also in a good way with the number of submissions. Some of them are fairly benign, but I've gotten some that are quite concerning to me, especially those that relate to financial details.”

HTTP Shaming seems to be a play on HTTPS, which is the secure version of HTTP. Those sites which don’t use what should be a standard protocol might deserve a slice of humble pie for their lack of effort, too. Webster summed it up nicely, though, saying “It seems ridiculous to me that in 2014 we are still sending unencrypted data over the air. And there is no reason, in my mind, why all websites and mobile apps should not be using HTTPS.”

Via: Ars Technica

