List: isn
Subject: [ISN] New website aims to publicly shame apps with lax security
From: InfoSec News <alerts () infosecnews ! org>
Date: 2014-08-19 8:07:38
Message-ID: alpine.DEB.2.02.1408190807270.18751 () infosecnews ! org
http://arstechnica.com/security/2014/08/new-website-aims-to-shame-apps-with-lax-security/
By Robert Lemos
Ars Technica
Aug 18 2014

The amount of personal data traveling to and from the Internet has
exploded, yet many applications and services continue to put user
information at risk by not encrypting data sent over wireless networks.
Software engineer Tony Webster has a classic solution—shame.

Webster decided to see if a little public humiliation could convince
companies to better secure their customers' information. On Saturday, the
consultant created a website, HTTP Shaming, and began posting cases of
insecure communications, calling out businesses that send their customers'
personal information to the Internet without encrypting it first.

One high-profile example includes well-liked travel-information firm
TripIt. TripIt allows users to bring together information on their
tickets, flight times, and itinerary and then sync it with other devices
and share the information with friends and co-workers. Information shared
with calendar applications, however, is not encrypted, Webster says,
leaving it open to eavesdropping on public networks. Among the details
that could be plucked from the air by anyone on the same wireless network:
a user's full name, phone number, e-mail address, the last four digits of
a credit card number, and emergency contact information. An attacker could
even change or cancel the victim's flight, he says.

So far, TripIt and 18 other applications and services have made the
shaming list, many submitted by other people fed up with the security
missteps of companies, Webster says.

[...]