31 posts tagged with security.
Displaying 1 through 31 of 31. Subscribe:
PSA: "Stylish" browser add-on steals your internet history
The popular "Stylish" browser extension, which allows you to download custom styles for a given site (such as making text more readable, removing UI cruft, or adding a professional white background), has been silently logging its users web activity for the last year and a half. The new owners of the add-on at the time, SimilarWeb, offer products including “Market Solutions To See All Your Competitors’ Traffic.” [more inside]
MetaFilter is moving to https as a default
A week from now, we'll be updating MetaFilter to always serve https pages instead of http! You most likely don't need to care at all that this is happening, but I'll explain what it means below. Come on in! [more inside]
Can't find post about infosec/hacking challenges
I could have sworn that a few months ago someone posted an FPP to a webpage made by a couple of guys who designed some interesting "real world" infosec/cryptography/hacking exercises meant to expand awareness of internet security, and now I can't find it anywhere. [more inside]
Is it possible to request a 'Force SSL' option in the User Preferences?
The EFF offers HTTPS Anywhere, but it's not available for all browser, and fails on some script calls.
As a feature this would be amazing. Thank you!
Improve Account Security With This One Weird Trick (Hackers Hate It)
Password Security Update
We're changing the way we store passwords at MetaFilter. You can help us test the new system by changing your password today. [more inside]
So, what would be the fallout of a MeFi security breach?
Are my embarrassing anonymous questions permanently associated with my regular account? I think I used a credit card to pay for my registration; is my credit card information (and thus real name and address) still on record? [more inside]
Heartbleed SLL bug vulnerability
I've got the Chrome addon for the Heartbleed server test site and it's just given me a message saying that metafilter.com is vulnerable to the Heartbleed SSL bug. More information about the bug.
Metafilter Data Retention Policy?
What protocols does Metafilter have for dealing with a National Security Letter? (Inspired by this post.) [more inside]
Malware warning on almost all links including contact form
Just an FYI, anything I click link-wise, although NOT the new-post button, returns this warning in chrome. [more inside]
How strong is your MetaFilter password?
How strong is your MetaFilter password? [more inside]
Speak Friend, And Enter
It would be nice if the system would generate an automatic email confirming password resets. [more inside]
MeFi > NYT
metafilter.com redirecting to login page
www.metafilter.com just redirected me several times to the login page. Then I received a warning message about security certificates. I chanced it and logged in, now everything's normal. Anybody else getting this? (btw, subdomains also redirected me to the login page). [more inside]
the bad bad internets
so, about this post --> http://www.metafilter.com/73909/History-of-the-DC-Universe ... please read all of more inside first before looking at the post. [more inside]
Whoa - security/cookie issues?
Whoa - security/cookie issues? [more inside]
Fears for Obama's safety not a reasonable topic?
This post which raised the issue of fears among some in the African-American electorate that Barack Obama would not be safe as president. The thread was shut down for reasons of WTF. Not exactly sure what the problem was, and I was disappointed, as I had recently heard about this and was hoping the thread would shed some light on the issue. This NYT article would be a good starting point for discussion.
New login system, finally!
We've finally finished a several month long project today by reworking the back end of Metafilter to bring site security practices up to date. The new login system we were testing yesterday is now live for everyone. And you can even change your password now, after 8 years of everyone asking! [more inside]
I didn't request my password?
I got a "Your MetaFilter password request" e-mail but I didn't request my password? [more inside]
Firefox Vulnerability Issue
New firefox vulnerability leaves people open to password theft:
Proof of concept here
Does metafilter strip out form tags?
Proof of concept here
Does metafilter strip out form tags?
Is MeFi protected against cross-site request forgery?
Is MeFi protected against CSRF? I know the logout link isn't (should be a form button anyway) and could be triggered by displaying an image to a MeFi user, but if the forms are vulnerable things could get nasty (imagine someone posting a link that changes your prefs, or makes you create a post, etc.). Just askin'...
Will MetaFilter get persistent SSL?
Will MetaFilter get persistent SSL, like Craigslist?
Tell us when TSA actually finds something...
Is there anything that makes this post good? (mi)
Are you taking away our freedoms for your security?
Ok, in this comment by #1, it is revealed that user pages have been considerably further locked down. I wonder, is all that extra security still in place? [more inside]
username entity-ified
eponymous blargh registered himself a sock puppet using html entities which looks exactly like my username. thank you.
SSL for Metafilter
I've been spending lots of time on wireless networks lately, so I finally up and got an SSL certificate for MetaFilter. Enjoy. Eventually I'll try to get all the user/pass pages going through https:// to make the site more secure.
The recent hardware upgrade left the server vulnerable to worms
Alas, there was a critical fact overlooked on the recent hardware upgrade, one which left the server vulnerable to the [sapphire|slammer|SQ hell] worm. All's better now.
What exactly is it that just happened to Blogger?
What exactly is it that just happened to Blogger? I saw hints that there had been some sort of security breach, and now everything is inaccessible. (And the Blogspot server is outright offline as I write this.) There was some sort of password break?
IE has a huge, gaping hole
IE has a huge, gaping hole that allows executable files to be downloaded and run on the computers of browsers.
Pynnonen revealed that the bug lies in IE's processing of Internet addresses and "header" information that tells the browser what type of file it is handling. The flaw is particularly dangerous because it can be exploited using ordinary Web page code, without help from JavaScript or other scripting programs, he said.
thanks to the wonder of non-disclosure agreements, we won't know the precise nature of the bug (yet), but this one sounds bad.
Pynnonen revealed that the bug lies in IE's processing of Internet addresses and "header" information that tells the browser what type of file it is handling. The flaw is particularly dangerous because it can be exploited using ordinary Web page code, without help from JavaScript or other scripting programs, he said.
thanks to the wonder of non-disclosure agreements, we won't know the precise nature of the bug (yet), but this one sounds bad.
the comment submit box has my user password stored as clear text
I was looking at the source in the Auto-close Open Tags thread, and I noticed that the comment submit box has my user password stored as clear text. It's not like MeTa/MeFi need to be highly secure, but I'm wondering if there is a better way to handle that.
what stops people from using metafilter like metababy?
what stops people from using metafilter like metababy? Is it understood? Is some sort of Hive Mind at work here? Although you retain final edit control Matt, what stops someone from entering malicious code or javascript that provides information about members to a second source unnoticed? Is there some sort of preventative measure I don't know about?
Page:
1