Archive for May, 2006

Friends Reunited

Friends Reunited Password

Friends Reunited show your password in clear text on an insecure (HTTP) page.

I emailed them to tell them I was concerned, and was reassured (unfortunately I can’t find the email any more) that the page was perfectly safe, as you’d need my password to get there in the first place.

I replied to tell them that the password was being displayed clear text on a page that had not been secured with an SSL certificate, and hence the whole HTML page was probably cached on a number of servers in-between (such as my ISP’s). No further response was forthcoming.


Leave a Comment

A new site was born

I’ve been seeing a few too many sites that annoy me recently. I’m not talking about ones that don’t render properly in my browser of choice or have awful design elements. I’m talking about those that use, or have applied for, software patents. I’m talking about sites that don’t have stong security mechanisms in place.

Software Patents

I’ll probably write a more detailed description of what they are, why they’re bad and just don’t work later. For now, suffice it to say that they are bad, and I won’t use anyone’s system if they entertain ideas to the contrary.

There is only one way I could accept software patents, and that is if they are applied for and then released to the public domainfor anyone to use. This would stop someone else from applying for a software patent and using it for evil.

This is a real pain in the neck. My first example shows my password in plain text on a web page that isn’t secure.

Other security issues are sites that send you your username and password in the same email. Or those that email you a password, and your email address is your login name. Passwords should never be sent in clear text. Ever!

Am I perfect?

Hell no – I’ve done these things, and they’ve come back to bite me. This is why I’m so aware of why they are bad things to do. Everyone makes mistakes and hopefully learns from them. I hope to pass this knowledge on to you, the reader, and hopefully also the owners of the websites concerned.

I’ve not stopped learning, and hope to learn more through running this site. I welcome submissions from anyone – check out the Submit a Shameful Site page for more details.

That’s all for the first post…

Leave a Comment