Digg Accounts at Risk - Passwords transmitted Unencrypted
I am not a hacker or a security expert but today it came to my attention that Digg passwords are not sent over a secure (https) channel . I had a firefox addon Tamper Data installed on my my Firefox browser . I checked to see if i could see the password being sent from my browser to digg while i login to digg. To my surprise i could see the password as well. May be its because digg login doesn’t use https ( secure channel ) protocol. if you want to see it in your case you need to install the Tamper Data addon for firefox then if logged in to digg have to log out and keeping the Tamper Data viewer window open ( Tools>Tamer Data on Firefox ) login to digg account . Then u can see the password of yours being transmitted as an unencrypted text. below is the screenshot of mine.
Trackback
RSS Feed
Related Posts you may like to Read...
4 Comments
1.
Rajesh From 
(UNITED STATES)
Wrote Using 
Internet Explorer 7.0 on 
Windows XP on 25. August 2007 at 10:27 am
Great find bro…
2.
keshuvko From 
(NEPAL)
Wrote Using 
Internet Explorer 6.0 on 
Windows XP on 25. August 2007 at 7:56 pm
I dont know how Diggs work!
3.
Deelip From 
(NEPAL)
Wrote Using 
Mozilla Firefox 2.0.0.6 on 
Windows XP on 26. August 2007 at 2:19 am
ISnt that same like keylogger?
You can even save you IM and email passwords buddy.
4.
aksn1p3r 196.25.255.210 not found
Wrote Using 
Mozilla Firefox 2.0.0.8 on 
Windows XP on 24. October 2007 at 7:48 pm
It can probably find a whole lot more than just Digg logins.
Check this one
http://aksn1p3r.blogspot.com/2007/07/firefox-asterisk-revealer.html