Personal information at risk: A new blog is shaming websites and apps that do not use encryption. Photo: Reuters <\/p>\n
The web is fighting back against websites and apps that do not use encryption. <\/p>\n
Such services are considered to have good security when they implement a technology known as Transport Layer Securityor Secure Sockets Layer (SSL), which encrypts traffic between an end user and the site. Google, Twitter, Facebook and banks are good examples of this practice. <\/p>\n
But many apps and sites implement it incorrectly or do not use it at all, leaving personal information at risk of being seen over unsecured connections, like public Wi-Fi. In such cases, a hacker using \"sniffing\" tools is able to snoop on the traffic, steal personal information and use it to hack into your online accounts. <\/p>\n
Enter HTTP Shaming, a Tumblr blog launched at the weekend that is naming and shaming websites and apps that are not doing the right thing by their users. <\/p>\n
Created by US software engineer Tony Webster, the site already lists a number of popular websites and apps that are not doing encryption properly, including Tripit, Scribd and Meetup. <\/p>\n
Mr Webster is hoping that highlighting poor security in services will result in their owners implementing better security. The engineer is also taking submissions for the blog from members of the public. <\/p>\n
\"When that traffic goes over an open Wi-Fi network, it's not encrypted unless the website or app is using SSL,\" Mr Webster said. SSL is displayed as the \"s\" in https before a web address and is typically accompanied by a golden padlock, but this is not displayed as a symbol in appson smartphones. <\/p>\n
\"Anyone with network sniffing software can intercept traffic on open wireless networks and, if passwords and personal information is being sent, that attacker now has a lot of ... information that could be used to cause a lot of problems,\" Mr Webster said. <\/p>\n
At the end of the day, he said it was \"so easy\" to implement encryption that web services should be doing it for the privacy of their users. <\/p>\n
<\/p>\n