http://lifeisgrand.disqus.com/enTue, 13 Nov 2007 15:03:02 -0000http://paulmwatson.com/journal/2007/11/05/insecure-usernames-and-passwords-on-netvibes/#comment-1284784Well spotted. This is crazy.<br><br>For something crazier, see <a href="http://Wordpress.com" rel="nofollow">Wordpress.com</a>, a very popular blog site, with plain text login data sent to an http endpoint from their https page !<br><br>Madness.<br><br>Worse now imo, folks are using their <a href="http://wordpress.com" rel="nofollow">wordpress.com</a> blog address as an OpenID.<br><br>Kinda mental to think that if you make the mistake of posting about, say your ski holiday in St. Anton from a Café while your there, somebody could sniff your password, and have access to all the on-line services you use OpenId with.<br><br>I have emailed Wordpress, and posted on my test blog there, they have not responded, and today it's still not fixed !daraTue, 13 Nov 2007 15:03:02 -0000