Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Tuesday, 31 January, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Match.com revealed to not use HTTPS

by The Gurus
April 20, 2015
in Editor's News
data breach
Share on FacebookShare on Twitter

Dating website Match.com has been revealed to not be using SSL to protect user data.
According to Ars Technica the dating site does not use HTTPS encryption to protect its login page, potentially allowing anyone with a man-in-the-middle vantage point to pilfer the credentials.
Ars reader Scott Bryner, alerted Ars to the issue, but it is unclear exactly how long the site has failed to encrypt user credentials. Bryner provided the screenshot immediately above this paragraph, which suggests Match.com is experiencing a server configuration error that’s redirecting all HTTPS traffic to an HTTP connection.
TK Keanini, CTO of Lancope, said: “This is always a concern of mine because, not only on your PC, but on your mobile phones and tablets, you really don’t know if those 40+ applications you are using across untrusted networks are secured by properly implemented HTTPS transactions. The problem is the only people doing quality assurance here are the attackers. Anything less than HTTPS using TLS should be a ‘no ship’ and redesigned.
“Match.com is significant to a lot of people; I met my wife on Match.com. The amount of trust, emotion, and communication that goes on between what begins as complete strangers is already an attackers dream but then to have the technology expose credentials in this manner is unacceptable and really needs to be addressed as the advantage is to the attacker.”
Adam Winn, senior product manager at OPSWAT, said: “It is simply not acceptable to use HTTP for a website’s login page. There really is no excuse for not using HTTPS. HTTPS is a straightforward and low cost solution that ensures that data is encrypted and safe.
“On pages where users are asked to submit sensitive information, HTTPS should always be used with TLS as the preferred encryption type. In addition to encrypting data in transit, HTTPS also protects data from being manipulated and can therefore prevent any phishing and malware injection attacks on the page.”

FacebookTweetLinkedIn
Tags: HTTPSSSL
ShareTweetShare
Previous Post

RSAC – Focus on mentoring and training to bypass skills shortages

Next Post

eBay Magnetro flaw revealed and patched

Recent News

JD Sports admits data breach

JD Sports admits data breach

January 30, 2023
Acronis seals cyber protection partnership with Fulham FC

Acronis seals cyber protection partnership with Fulham FC

January 30, 2023
Data Privacy Day: Securing your data with a password manager

Data Privacy Day: Securing your data with a password manager

January 27, 2023
#MIWIC2022: Carole Embling, Metro Bank

#MIWIC2022: Carole Embling, Metro Bank

January 26, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information