nationwide interception of Facebook & webmail login credentials in Tunisia
Richard W.M. Jones
rich at annexia.org
Tue Jan 25 11:35:27 GMT 2011
JGC's blog has the technical details:
http://blog.jgc.org/2011/01/code-injected-to-steal-passwords-in.html
Moral of the story is to use https:// URLs to fetch the initial form
(ie. https://facebook.com/). The Firefox HTTPS-Everywhere extension
automates this completely (https://www.eff.org/https-everywhere) -- no
thought or technical skills required.
Rich.
--
Richard Jones
Red Hat
More information about the ukcrypto
mailing list