94 Comments
- BrandonPerry, on 10/11/2007, -5/+63 Heh, that's not a flaw, that's a feature!
- mvandemar, on 10/11/2007, -2/+47 Guys, how is it that no one noticed that Digg is doing the *exact* same thing...?
http://smackdown.blogsblogsblogs.com/2007/06/12/digg-flaw-gives-out-digg-login-info/
I mean, you had to have logged in at some time to submit this story, right? :)
- ericodom, on 10/11/2007, -11/+52 But how the hell did they miss it in the first place?
- Scyth3, on 10/11/2007, -1/+31 Didn't you get the memo about the words "wow" and "amazing" being banned from digg? You must use similar words...like "stupendous" now.
- qwertylicious, on 10/11/2007, -1/+30 Anyone else just get distracted by the linked Tetris video?
- dbr_onix, on 10/11/2007, -1/+27 "Expose" is such a strong word - it's not encrypted, but the amount of people that will be affected by this will be close to zero.. Of course sending login data over SSL is better, but this is hardly a huge gaping hole..
- bs3arch, on 10/11/2007, -0/+24 That Tetris video is just insane!!
- Outdoor83, on 10/11/2007, -1/+23 Agreed. This is a sensationalist headline. Someone has to be sniffing your network to get the information. If you're plugged in, you're almost guaranteed to be safe (someone has to not only be listening but hack whatever switch you're plugged into to get your packets sent to them).
If you're on secured wireless, you're also almost guaranteed to be safe. Even if you're on unencrypted wireless, someone has to be sitting around, sniffing traffic, and notice. Let's face it... this is unlikely. It's not like someone can hit up a website and steal account information.
I would bury as sensationalist crap if I could.
- Rahu, on 10/11/2007, -1/+23 Correct me if I'm wrong, but wouldn't this only "give out" the information to people who are recording all of either Google's (not likely) or your (still quite unlikely) network traffic?
- redfox2600, on 10/11/2007, -3/+24 It's actually not a bug. Myspace doesn't have SSL login for their main website nor does Facebook or Photobucket. Why should google have to use SSL if they don't?
- bs3arch, on 10/11/2007, -6/+27 The flaw does not only expose MySpace login information, but also that of LiveJournal, TypePad, and most importantly Blogger... which is associated with Google Accounts: Gmail, AdWords, AdSense... etc.
- coldphoenix, on 10/11/2007, -2/+22 @Strikezero
I'm pretty sure those "free offers" and other annoying pieces of ***** were already there on myspace regardless of this google flaw.
- Al3x, on 10/11/2007, -3/+22 Unless I read the article wrong....
Google merely passes username/password information of the listed sites (myspace, etc) insecurely (http)...so it could be caught and read...and some sites use google's login to log users in...so that could be read also.
As said above, easy fix.
@llda
This isn't a myspace flaw btw.
- soda0289, on 10/11/2007, -0/+18 DIGG doesn't even use SSL!!
- HalFTW, on 10/11/2007, -0/+16 This is just FUD. Most websites do not use SSL for logins.
- crackedplastic, on 10/11/2007, -1/+12 This is correct - someone must be sniffing your traffic in order to obtain your Myspace login/pass with this technique.
Of course, if someone is sniffing your traffic to begin with, he/she could just simply wait until you manually login to Myspace (or any other site that doesn't use SSL).
It's really not a big deal - don't login to non-SSL sites from Internet cafes (or other shared, public networks), use different passwords for different sites (so that someone can't deduce other site passwords), and better yet, just don't use Myspace.
- ZoTheGorilla, on 10/11/2007, -2/+13 Ok flaw, feature whatever ... That Japanese kid was Sick on Tetris!
- ChrisWickenscom, on 10/11/2007, -9/+20 Why would you have more than one account?
Hell, why would you have ONE account?!
- FredSpeaking, on 10/11/2007, -0/+10 It's more than just sensationalist... it's ***** *****. Google no more "gives out" your login info than your POP3 mail server does.
- thewebguy, on 10/11/2007, -0/+9 myspace's login isn't ssl anyway
- Koyder, on 10/11/2007, -0/+8 Quick, grab the logins and delete the accounts! It may be our chance to free the internet from MySpace!
- inactive, on 10/11/2007, -4/+11 um.... it is rare that people intercept any information en-route. it is likely that literally 0 "exploits" have been done here. marked as lame.
- ncr100, on 10/11/2007, -0/+5 Did you see that guy's web page? All the craaaazy advertisements on it? There are seven (7) ads visible without scrolling. The article is seriously tiny compared to the ads. I say Bury this.
- smackhero, on 10/11/2007, -2/+6 @Strikezero
those myspace hacks are completely unrelated and have been going on for quite some time now. most of those are automated worms that spread by taking over a user's profile and masking a portion of the page with a transparent link directing visitors to a fake log in screen on a different server. often users don't notice the url and just immediately type in their username and password into the fake login page, at which point the worm automatically logs in to myspace using their password and spreads onto their profile.
that is more of a problem with myspace's crappy design, which relies on CSS hacks to allow users to customize their profiles.
the Google Video flaw discussed here belongs to a broader problem of people transmitting sensitive info over unsecured connections. you'd be surprised at how much sensitive information you can see being transmitted in plain text just by running Ethereal on a college dorm network. i don't understand why people still use FTP rather than SFTP/SCP, or Telnet instead of SSH.
- cfelde, on 10/11/2007, -1/+5 @redfox2600: Facebook sends the login form to https://login.facebook.com/login.php
- eviljim, on 10/11/2007, -0/+4 Not an issue for MySpace, but it is for some of the other services as they DO have SSL signons.
How it stands now is just as insecure as logging into the myspace page directly -- no SSL.
- Bklynadam, on 10/11/2007, -1/+5 use "unexpected"
- shinda, on 10/11/2007, -0/+3 Man I sat and watched that tetris video to completion, I think it has some hypnotic messages in there somewhere, just those beeping noises I can't get them out of my head.
- jeremiahx, on 10/11/2007, -0/+2 Nope
- Philipp_Lenssen, on 10/11/2007, -1/+3 Marked as inaccurate for the headline...
- jeremiahx, on 10/11/2007, -0/+2 um, Myspace doesn't even use an SSL for their login screen... so EVERY time you login to myspace it can be sniffed. LAME!
- rspeed, on 10/11/2007, -0/+2 Is the MySpace login form even encrypted?
- PaulP82, on 10/11/2007, -3/+5 Google= Privacy Protection?
- guttertrash, on 10/11/2007, -0/+2 this isnt googles problem. people are so retarded. its like expecting a gas station to chase your car around and fill it up every time it needs gas. the internet has become the domain of retards and trolls. i think id rather be a troll thanks.
- RBasil, on 10/11/2007, -0/+2 Simple fix, don't use myspace. :)
- SiRwhilms, on 10/11/2007, -2/+4 Sensationalist ***** title, as if that's a surprise. You can't just go "can has i some myspace loginz?". It's just unencrypted traffic that could be sniffed if you were using ARP or were somehow in between client and server.
- jtkooch, on 10/11/2007, -3/+5 This is hardly a cause for concern. Someone would still have to be sniffing your Internet connection, wired or wireless, in order to exploit this. If it's the former, you have a larger security problem you need to deal with, if it's the latter, it's your fault for not securing your connection.
- DivisibleByZero, on 10/11/2007, -0/+1 In high school, I was tasked with setting up the school website. It had a ton of content:
1) Monthly lunch menus
2) Student handbook
3) School closing information when applicable.
Shortly after we put it up and gave the URL to students, some parent sent an email, OUTRAGED that the site wasn't "secure" because it used http, not https.
- jeremiahx, on 10/11/2007, -0/+1 yes because accessing public knowledge MUST go through a Secure Connection!
- DivisibleByZero, on 10/11/2007, -0/+1 Check out the link on the right to human tetris if you haven't seen it yet. ( http://www.youtube.com/watch?v=3Mqau7J2g5E )
- rubbers0ul, on 10/11/2007, -0/+1 so that's how the now infamous "skins" party was started....
- rouslan, on 10/11/2007, -0/+1 I tried analyzing the headers but I cannot find the login info - did they fix the problem already?
- m4csrgh3yk3v, on 10/11/2007, -0/+1 this is stupid, no ssl anyway. buried inaccurate.
- artificialgrey, on 10/11/2007, -0/+1 The question is: "Why would anyone want MySpace credentials anyway?"
- Harboggles, on 10/11/2007, -0/+1 Is that real? Or a phishing site?
- Katana314, on 10/11/2007, -0/+1 Okay, this is bad for google, but seriously...if you're using MYSPACE...how can you NOT expect your personal info to be taken??? Myspace is about GIVING IT OUT!!!
- j0se, on 10/11/2007, -0/+1 myspace can kiss my ass!
- rbrown, on 10/11/2007, -0/+1 MySpace doesn't use HTTPS as login anyway as default. And didn't Gmail used to allow you to login via HTTP?
- SiRwhilms, on 10/11/2007, -1/+2 Sorry, let me clarify. Yes, everything uses ARP. I mean ARP Poison Routing-- you trick ARP caches to make clients believe that you are the router, and vice-versa. It's a man-in-the-middle.
- jgreene777, on 10/11/2007, -1/+2 sounds more like a MySpace problem, not a Google problem.