New website aims to publicly shame apps with lax security

HTTP Shaming's ethos is even on a fridge.

The amount of personal data traveling to and from the Internet has exploded, yet many applications and services continue to put user information at risk by not encrypting data sent over wireless networks. Software engineer Tony Webster has a classic solution—shame. 

Webster decided to see if a little public humiliation could convince companies to better secure their customers' information. On Saturday, the consultant created a website, HTTP Shaming, and began posting cases of insecure communications, calling out businesses that send their customers' personal information to the Internet without encrypting it first.

One high-profile example includes well-liked travel-information firm TripIt. TripIt allows users to bring together information on their tickets, flight times, and itinerary and then sync it with other devices and share the information with friends and co-workers. Information shared with calendar applications, however, is not encrypted, Webster says, leaving it open to eavesdropping on public networks. Among the details that could be plucked from the air by anyone on the same wireless network: a user's full name, phone number, e-mail address, the last four digits of a credit card number, and emergency contact information. An attacker could even change or cancel the victim's flight, he says.

Read 9 remaining paragraphs | Comments

Breach of Patient Identification Information

Original release date: August 18, 2014

US-CERT is aware of a breach of sensitive patient identification information affecting approximately 4.5 million patients and customers of Community Health Systems, Inc. As part of DHS, US-CERT is working together with the FBI and the Department of Health and Human Services to assist in sharing specific vulnerabilities and mitigations with the healthcare industry to prevent additional breaches from occurring.

US-CERT recommends that individuals who suspect they may have been victimized as a result of this breach report any incidents to the FBI's Internet Crime Complaint Center. Tips and advice to stay safe online can be found at STOP. THINK. CONNECT.


This product is provided subject to this Notification and this Privacy & Use policy.


Passera – Generate A Unique Strong Password For Every Website

We’ve discussed password storage/generation solutions quite often, especially in the news stories about hacks and plain text password leaks, here’s a tool for the more paranoid who don’t want to store their passwords locally or in the cloud. Passera is a simple tool written in Go that allows users to generate a unique strong...

Read the full post at darknet.org.uk