http://lifeisgrand.disqus.com/enTue, 13 Nov 2007 15:03:02 -0000http://paulmwatson.com/journal/2007/11/05/insecure-usernames-and-passwords-on-netvibes/#comment-1284784<p>Well spotted. This is crazy.</p><p>For something crazier, see <a href="http://Wordpress.com" rel="nofollow noopener" target="_blank" title="Wordpress.com">Wordpress.com</a>, a very popular blog site, with plain text login data sent to an http endpoint from their https page !</p><p>Madness.</p><p>Worse now imo, folks are using their <a href="http://wordpress.com" rel="nofollow noopener" target="_blank" title="wordpress.com">wordpress.com</a> blog address as an OpenID.</p><p>Kinda mental to think that if you make the mistake of posting about, say your ski holiday in St. Anton from a Café while your there, somebody could sniff your password, and have access to all the on-line services you use OpenId with.</p><p>I have emailed Wordpress, and posted on my test blog there, they have not responded, and today it's still not fixed !</p>daraTue, 13 Nov 2007 15:03:02 -0000