mattdiggme, the point is that nobody who knows what they are doing would send sensitive private information via query string, as has been illustrated in the post you ignorantly bashed.
Well then I suggest you don't shop on such sites if there are these sites. FYI I build ecom sites for a fortune 500 company. And the people who developed these sites need to go back to programming school 101.
DIZDAZ89: "Honestly; I could care less if some random person knows what pages I'm browsing."PEERK: It's "couldn't care less"- Sorry I'm not as smart as you (peerk). I didn't know I was required to use perfect English online. It looks like you have a lucrative editing career ahead of you. All those years spent trolling the internet for grammatical error, will pay off. I'm sure you have a ton of friends due to your uncanny ability to find grammatical errors. You make the internet a better place, We salute you, really we do.Wow, I just love how all digg users get along so good.
The main issue would be Google not allowing me to download it in the first place."Google Safe Browsing for Firefox is only available for download for users within the US."Screw you too, Google.
Someone please explain to me the need for this anti-phishing tool bar? Here's an idea: type in the name of the website you want to go to and forget about phishing. If you're clicking on links contained in emails etc., you deserve what you get.....
"Firstly, yes I think we've all come to terms with the fact that sending sensitive data via GET is a bad idea, but people still do it."Okay, it's fair enough to suggest Google use https for their communication. Eliminates the sniffing issue, but see, that doesn't matter because the conspiracy freaks out there will just say Google is stealing your information or something.This isn't about privacy or security, it's about people not liking Google. Admittedly, it is a legitimate concern, but the underlying flaw is not Google's, it's these piss poor applications people are running. I mean, a guy up above even says that he would hate to have to audit his apps for not passing private data via GET. That's the stupidest thing I've ever heard. If apps are passing data via GET that they shouldn't be, then you shouldn't use them. Like somebody else said, these are often listed on bugtraq, because *it's a security hole*. Browsers log GET requests in history files. Even if they are SSL. People can SEE the information on your screen. They can see it via cameras pointed at the screen. They can even pick it up with Van Eck phreaking if it came right down to it. There's a lot of ways to exploit such a hole if you're paranoid enough. So he should be auditing his applications for known security problems anyway. This is one of those sorts of problems.
tennisballgDec 16, 2005
mattdiggme, the point is that nobody who knows what they are doing would send sensitive private information via query string, as has been illustrated in the post you ignorantly bashed.
snowboarderDec 16, 2005
Well then I suggest you don't shop on such sites if there are these sites. FYI I build ecom sites for a fortune 500 company. And the people who developed these sites need to go back to programming school 101.
snowboarderDec 16, 2005
what commerical app may this be so I can delete my account?
dizdaz89Dec 16, 2005
DIZDAZ89: "Honestly; I could care less if some random person knows what pages I'm browsing."PEERK: It's "couldn't care less"- Sorry I'm not as smart as you (peerk). I didn't know I was required to use perfect English online. It looks like you have a lucrative editing career ahead of you. All those years spent trolling the internet for grammatical error, will pay off. I'm sure you have a ton of friends due to your uncanny ability to find grammatical errors. You make the internet a better place, We salute you, really we do.Wow, I just love how all digg users get along so good.
amitpagarwalDec 16, 2005
<a class="user" href="http://digg.com/links/Install_Google_Safe_Browsing_from_Outside_the_US">http://digg.com/links/Install_Google_Safe_Browsing_from_Outside_the_US</a>
bdonlanDec 16, 2005
data64: SSL does protect the GET request - unless you have this extension installed of course.
echo5iveDec 16, 2005
The main issue would be Google not allowing me to download it in the first place."Google Safe Browsing for Firefox is only available for download for users within the US."Screw you too, Google.
datamikeDec 16, 2005
Someone please explain to me the need for this anti-phishing tool bar? Here's an idea: type in the name of the website you want to go to and forget about phishing. If you're clicking on links contained in emails etc., you deserve what you get.....
ottoDec 18, 2005
"Firstly, yes I think we've all come to terms with the fact that sending sensitive data via GET is a bad idea, but people still do it."Okay, it's fair enough to suggest Google use https for their communication. Eliminates the sniffing issue, but see, that doesn't matter because the conspiracy freaks out there will just say Google is stealing your information or something.This isn't about privacy or security, it's about people not liking Google. Admittedly, it is a legitimate concern, but the underlying flaw is not Google's, it's these piss poor applications people are running. I mean, a guy up above even says that he would hate to have to audit his apps for not passing private data via GET. That's the stupidest thing I've ever heard. If apps are passing data via GET that they shouldn't be, then you shouldn't use them. Like somebody else said, these are often listed on bugtraq, because *it's a security hole*. Browsers log GET requests in history files. Even if they are SSL. People can SEE the information on your screen. They can see it via cameras pointed at the screen. They can even pick it up with Van Eck phreaking if it came right down to it. There's a lot of ways to exploit such a hole if you're paranoid enough. So he should be auditing his applications for known security problems anyway. This is one of those sorts of problems.