http://twitbin.com/blog/new-security-update/ News and developments from twitbin.com Sat, 06 Sep 2008 01:29:20 +0000 http://wordpress.org/?v=2.5 http://twitbin.com/blog/new-security-update/#comment-211 Dan Fri, 26 Oct 2007 21:37:52 +0000 http://twitbin.com/blog/new-security-update/#comment-211 Brian - Thanks for the quick fix and the great tool that is twitbin. Note, however, that the security issue with plaintext passwords in cookies extends to sending those plaintext passwords in HTTP requests, too -- compromise of the user's computer is not the only concern. So if those usernames and passwords are being decrypted and then sent via HTTP and not HTTPS, credentials are still going over the wire (or air) in plaintext. Brian - Thanks for the quick fix and the great tool that is twitbin. Note, however, that the security issue with plaintext passwords in cookies extends to sending those plaintext passwords in HTTP requests, too — compromise of the user’s computer is not the only concern. So if those usernames and passwords are being decrypted and then sent via HTTP and not HTTPS, credentials are still going over the wire (or air) in plaintext.

]]> http://twitbin.com/blog/new-security-update/#comment-210 Alex Wed, 24 Oct 2007 19:51:17 +0000 http://twitbin.com/blog/new-security-update/#comment-210 Thanks for making Twitbin and thanks for the security update. Thanks for making Twitbin and thanks for the security update.

]]>