Latest News

Report: Match.com Sign-In Security Flaw Could Be Putting Millions Of User Passwords At Risk

http://ift.tt/1Hg4KHJ

Sure, love might be in the air — but that doesn’t mean tens of millions of Match.com users’ passwords should be floating around like so many bits of easily grabbed flotsam and jetsam. A new report says that due to an apparent security flaw in the dating site’s log-in process, millions of users are at risk for having their passwords stolen.

According to Ars Technica, a tip from an observant reader who noticed the issue in early March led to the find that passwords could be exposed whenever someone logs in, because Match.com doesn’t use HTTPS encryption to protect the page.


Simply using HTTP leaves the connection transmitting the data unprotected, giving anyone on the same public network as a user, for example, or other spies, the chance to snag those credentials, Ars points out.


On the other hand, employing an HTTPS connection makes the information unreadable to anyone but the end user and the server they’re connecting to.


Ars says its unclear how long the page has been unencrypted, and has asked Match.com for comment on the situation with no response thus far.


Match.com’s HTTP-only login page puts millions of passwords at risk [Ars Technica]




by Mary Beth Quirk via Consumerist

No comments:

Post a Comment

THE PLUG MAGAZINE Designed by Templateism.com Copyright © 2014

Theme images by Bim. Powered by Blogger.