Securism Blog » twitter http://blog.securism.com Simple Security. Fri, 23 Jul 2010 18:17:28 +0000 en hourly 1 http://wordpress.org/?v=3.0 Gnome Do Microblogging Plugin Authenticates Over Clear Text http://blog.securism.com/2009/01/gnome-do-microblogging-plugin-authenticates-over-clear-text/ http://blog.securism.com/2009/01/gnome-do-microblogging-plugin-authenticates-over-clear-text/#comments Fri, 30 Jan 2009 21:52:04 +0000 Ben Hagen http://blog.securism.com/?p=178 I love the Gnome productivity tool Gnome Do. Its great! What’s not so great is the fact that the installation default Twitter plugin “Microblogging (Twitter)” version 1.0 authenticates to Twitter over clear text. In general, its a great plugin… easy to post updates and wonderful balloon popups when friends post their’s… but this is a killer problem.

I’ve filed a bug report with the plugins group here.

With the ubiquity of wireless networks and the ease of promiscuously monitoring wireless networks, it is no longer acceptable to authenticate over clear text. Twitter shouldn’t allow authentications over none SSL channels, and applications shouldn’t support them even if non-SSL is supported. I discovered this while a friend was toying around with Kismet at a local cafe. I typically connect to an OpenSSL VPN whenever I use public networks, but due to the nature of the plugin it connects before I have a reasonable chance to enable the VPN… hence my friend captured my password. Fun.

I would also like to take this oppurtunity to remove any liability from myself for anything posted to my Twitter account in the future ;)

]]> http://blog.securism.com/2009/01/gnome-do-microblogging-plugin-authenticates-over-clear-text/feed/ 0