A new website created by a security consultant aims to embarrass apps and web services that put user information at risk, in hopes of having them migrate to HTTPS.
Tony Webster's site, HTTP Shaming, is intended to call out websites and apps – like MeetUp and Amtrak – that use unencrypted communications, thereby leaving personal user data – including names, addresses, usernames and passwords – open for eavesdropping on public networks, according to the site.
One recent post details the insecurity of travel site TripIt when linked with calendar applications. Information that TripIt shares with calendar apps is not encrypted, leaving it open for snooping on public networks and potentially allowing an attacker to access personal information and even change a victim's flight.
TripIt responded to the post on Monday via its Twitter account, saying it is working to address the issue.