Quote:
Originally Posted by Parkview_Pirate
I opened tickets with Twinspires and Xpressbet on this issue. Xpressbet quickly responded, indicating the issue was known and is being worked - but that it affects the general site only. Once logged in, the account and wagering info is secure. I went ahead and logged in, and indeed the web site is then appearing as normal - secure.
They recommend changing your password on a weekly basis until the issue is resolved. I suspect we'll find out more about the root cause of this problem, since it's affected SO MANY sites.
Still no response from Twinspires, which is the experience I've had in the past - slower and not as detailed as TVG or Xpressbet when issues are encountered, but no major gripes.
|
They're misinformed:
"Serving login forms over HTTP is especially dangerous because of the wide variety of attacks that can be used against them to extract a user’s password. Network eavesdroppers could steal a user's password by sniffing the network, or by modifying the served page in transit. This page details the security mechanisms Firefox has put in place to warn users and developers of such risks.
The
HTTPS protocol is designed to protect user data from eavesdropping (confidentiality) and from modification (integrity) on the network. Websites that handle user data should use HTTPS to protect their users from attackers. If a website uses HTTP instead of HTTPS, it is trivial to steal user information (such as their login credentials). This was famously demonstrated by
Firesheep. "
Doesn't matter how secure the site is AFTER your password has been sniffed. It's already too late for you.
