archives

HTTPS and logins to LtU.

With the new hosting solution I'm observing that we don't have HTTPS connections on the page where people are logging in. This exposes LtU logins to HTTP eavesdroppers.

Given that lots of people use the same password across multiple sites (even though everybody already knows they oughtn't) this probably also exposes a number of users' ALT, Amazon, Ashley Madison, Banking, BeNaughty, Bing, BoingBoing, Buddybang, Craigslist, DeviantArt, Diaspora, Digg, Discord, Douyen, Ebay, EstablishedMen, Facebook, Fark, Fetlife, Flicker, Foursquare, Friendica, Gab, Glee, GnuSocial, Google, Grindr, Imgur, Instagram, Limewire, LinkedIn, LINE, LiveJournal, Mastodon, Meetup, MySpace, OKCupid, Patreon, Parler, Pinterest, PlosOne, Reddit, QQ, Qzone, Quora, ResearchGate, SecondLife, Seeking, Slack, SocialCast, Snapchat, SomethingAwful, SoundCloud, Stack Overflow, Sharesome, Steam, Telegram, Tiktok, Tinder, Truth social, Tumblr, TV Tropes, Twitch, Twitter, Vimeo, WeChat, Weibo, Viber, WattPad, WhatsApp, Wikipedia, WordPress, Yahoo, Yammer, Yelp, and Youtube passwords.

Though probably not all of them for any one person.

Just sayin, this ought to be corrected.