Linked by Thom Holwerda on Fri 17th Jun 2011 18:49 UTC
Privacy, Security, Encryption Oh boy, what do we make of this? We haven't paid that much attention to the whole thing as of yet, but with a recent public statement on why they do what they do, I think it's about time to address this thing. Yes, Lulz Security, the hacking group (or whatever they are) that's been causing quite a bit of amok on the web lately.
Thread beginning with comment 477730
To view parent comment, click here.
To read all comments associated with this story, please click here.
RE[2]: ...
by Alfman on Sat 18th Jun 2011 20:31 UTC in reply to "RE: ..."
Alfman
Member since:
2011-01-28

Thom Holwerda,

Another point to make is that by allowing third parties to execute code on your web pages, you've implicitly given them access to our credentials as well.


For example, your pages are running scripts from google adsense, google analytics and quantcast. Any one of these could target osnews users if they wanted to and capture credentials without even touching anything on the site.

I'm often a little surprised how little this bothers people.

Reply Parent Score: 3

RE[3]: ...
by Lennie on Sun 19th Jun 2011 10:02 in reply to "RE[2]: ..."
Lennie Member since:
2007-09-22

Ohh really ? I didn't see them. ;-)

Sorry OSnews crew, I would like to see them. :-(

Really I do, although they can be a bit distracting at times.

But scripts loading from other sites and document.write just don't cut it for me. They affect performance and security a tad to much for my liking.

I block every external file with a plugin right now, which is highly annoying with people adding more and more domains to their site and loading JQuery and it's plugins and more of the same from Google, Microsoft and Yahoo.

Still I do run those adds on my own site though. :-(

They are at the bottom of the page, where they have the least impact on performance.

The site makes less money than the hosting would cost but that is currently free for us, so is the site for the users.

I wish SPDY/HTTPS/SNI would be in widespread use that would really help to speed up websites and make them secure. And not need to use HTTP like Alfman mentioned above.

While I'm talking things which could be really improved, the Certificate Authority system (as used by HTTPS and friends) could really be improved by the use of DNSSEC.

So now this comment is long enough. :-)

Edited 2011-06-19 10:09 UTC

Reply Parent Score: 2