Whoops! I am the moron, I replied to Paul's email when I meant to reply to juha's
http://orthodoxanarchist.com/2008/01/05/facebook-voter-registration-app-asks-for-ssn-without-ssl/ On Jan 8, 2008 9:33 AM, Dude VanWinkle <[EMAIL PROTECTED]> wrote: > From the link: > > [Update] As a couple of comments have suggested, "just because you > don't see a lock on the page that collects the information, doesn't > mean that it doesn't post through an https connection." This may be > correct. Here is the code of the form. It does, in fact, appear to > invoke an API that rests on a secure server, but with my limited > JavaScript skills, I cannot be certain that the form data is being > encrypted. If someone with a little more expertise would be willing to > chime in, I'd much appreciate it. If I turn out to be wrong, my > humblest apologies for much ado about nothing. Though I suppose it > would be nice if the form offered some sort of visible assurance of > security. > > [Update 2] See Dustin's comment. By his account, the form submission > appears to be secure. Sorry for the false alarm, but again, when it > comes to insuring the security of your personal information, one > should be ever-vigilant. My thanks to the Digg and Reddit communities > for their sleuthing. > > [Update 3] I am a moron and a douche bag who likes to shoot his mouth > off about technology I don't understand > > :-) > > -JP > > > On Jan 8, 2008 1:52 AM, Paul Ferguson <[EMAIL PROTECTED]> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > > Hash: SHA1 > > > > Via UPI. > > > > [snip] > > > > A U.S.-based Web site that hosts Chinese dissidents' blogs is being hacked > > again, days after an attack took it offline and nearly destroyed its > > archives. > > > > The Web site, Boxun.com, which hosts some 2000 blogs, was the target of a > > "very strong" distributed denial of service, or DDOS, attack last week, its > > editor, Watson Meng, told United Press International. > > > > He added that hackers probing the Web sites of several U.S. government > > agencies had "spoofed" or forged their Internet addresses to make it seem > > as if the probes came from his site. > > > > "Our service provider received complaints from a number of government > > agencies," he said. > > > > [snip] > > > > More: > > http://www.upi.com/International_Security/Emerging_Threats/Briefing/2008/01 > > /07/chinese_dissident_site_hacked_again/3849/ > > > > Previously: > > http://www.darkreading.com/document.asp?doc_id=142072 > > > > - - ferg > > > > -----BEGIN PGP SIGNATURE----- > > Version: PGP Desktop 9.6.3 (Build 3017) > > > > wj8DBQFHgx2Tq1pz9mNUZTMRAvgvAKDrMpGzmGDEolcpHbgGYJG845WwRACfdM23 > > bDmuwmNjLIrKQ6HZXKffQpA= > > =ohog > > -----END PGP SIGNATURE----- > > > > > > -- > > "Fergie", a.k.a. Paul Ferguson > > Engineering Architecture for the Internet > > fergdawg(at)netzero.net > > ferg's tech blog: http://fergdawg.blogspot.com/ > > > > > > _______________________________________________ > > Fun and Misc security discussion for OT posts. > > https://linuxbox.org/cgi-bin/mailman/listinfo/funsec > > Note: funsec is a public and open mailing list. > > > _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
