Wednesday, August 23, 2006

Nothing like the Smell of Internet Tubes in the Morning

Via blogs.ittoolbox.com -

If you use any number of popular web forums or even some commercial services like classmates.com, amazon.com, netzero.com or your provider's webmail service, you may not be aware that you're sending your credentials over the internet in the clear.

Some sites appear to secure your credentials, but they really don't. Some offer SSL sign-ins, but don't make them the default. Others don't even make an attempt to use proper SSL encryption or any attempt to obscure the credentials.

Remember the wall of sheep from DefCon? All of those people that kept logging into net resources assuming that nobody was listening? They were wrong!





Defcon's Wall of Sheep was full of Myspace passwords this year. Freaking crazy.

The blog post above isn't pointing out anything new or "super-leet", but it is providing a much-needed reminder to the security world. SSL can be very effective if used properly. Use it improperly and you create a false sense of security.

Check out Number 8 in the OWASP Top 10 Web Applications Vulnerabilities.
