Monday 21 July 2008

Why is secure browsing so... nowhere?

Whenever I read about the Black Hat conference or Defcon (which I'd love to see one day), I was always amused by how they tried to see whether all the participants followed (or did not follow, more likely) the best practices of online security...

My favorite was the Wall of Sheep, which basically scans for unsecured network traffic through the wireless access points, and if it finds an unencrypted login name/password combo, just posts it on a giant screen... If someone spots the info, they can pwn the careless user in a second... Is it rude? I don't think so... On the Interwebs nobody will notify you when you leak information out to people who will take advantage of it. Nobody will take your hand and tell you - hey little boy, you seem to have dropped this wallet/login/credit card number... Oh, noez, you'll only notice when it is too late...

So, since I read about the Wall of Sheep, I have wanted to make sure I follow a few easy steps that can make things at least a bit safer. For example, using "https" instead of "http" whenever it is possible. That extra "s" stands for security, and all it does is prevent people from reading my communication with the website I'm currently using.

Some sites are reasonably good, for example Gmail now seems to default to a secure login page - though if I don't want someone to read my emails, I still have to manually change the current URL to "https" after login...

But some sites are pretty useless in this sense... Take even Blogger - the "https" version of the page which has all my settings, all my info, just redirects back to the unsecured page... Or this blog - just try https://clickedyclick.blogspot.com ... why does it redirect to the Google front page?? Is it something that the Hypertext Transfer Protocol over Secure Socket Layer cannot handle, or do the site owners not care?

Or, the reason for this post, Facebook... You can have all the pages in the https version, but every single link on that page will point to http... No security y'all... Just let everyone read your juicy messages (well, I don't have any, but those who have...)

Is even a minimal effort such as this too much to ask? Never mind that, if I can voice my concerns to whom it may concern - but can I challenge anyone to find an appropriate feedback page on Facebook? It's like a total robot call centre - Sorry sir, no human operators are in today, take it or leave it...

Well, I take it now, but I'm not sure for how long, though...
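The behaviour described above, where a page loaded over https carries links that point back to http, can be checked mechanically. This is an added example, not part of the original post: `audit_links`, `LinkCollector`, the `social.example` host and the sample HTML are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

class LinkCollector(HTMLParser):
    """Collect (tag, url) pairs for navigation links and form targets."""
    ATTRS = {"a": "href", "form": "action", "iframe": "src"}

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        wanted = self.ATTRS.get(tag)
        for name, value in attrs:
            if name == wanted and value:
                self.found.append((tag, value.strip()))

def audit_links(page_url, html):
    """Return (tag, raw_url, same_site) for every link on an https page
    that resolves to plain http once relative URLs are expanded."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("audit only makes sense for a page served over https")
    collector = LinkCollector()
    collector.feed(html)
    page_host = urlsplit(page_url).hostname
    downgrades = []
    for tag, raw in collector.found:
        # Relative and protocol-relative URLs inherit https from the page;
        # only an explicit http:// target leaves the encrypted session.
        resolved = urlsplit(urljoin(page_url, raw))
        if resolved.scheme == "http":
            downgrades.append((tag, raw, resolved.hostname == page_host))
    return downgrades

# Constructed sample page (hypothetical site, not real Facebook markup).
SAMPLE_URL = "https://social.example/home"
SAMPLE_HTML = """
<a href="/inbox">Inbox</a>
<a href="//social.example/friends">Friends</a>
<a href="http://social.example/messages">Messages</a>
<form action="http://social.example/login" method="post"></form>
<a href="https://social.example/settings">Settings</a>
<a href="http://other.example/">Elsewhere</a>
<a href="mailto:someone@social.example">Mail</a>
"""

if __name__ == "__main__":
    for tag, raw, same_site in audit_links(SAMPLE_URL, SAMPLE_HTML):
        print(f"<{tag}> {raw} same_site={same_site}")
```

Same-site entries are the ones that matter here: following them sends the session for the same site over an unencrypted connection even though the visitor started on https.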