maemo.org - Talk - Facebook Widget Sends Credentials Clear Text?

maemo.org - Talk (https://talk.maemo.org/index.php)

- Maemo 5 / Fremantle (https://talk.maemo.org/forumdisplay.php?f=40)

- - Facebook Widget Sends Credentials Clear Text? (https://talk.maemo.org/showthread.php?t=50465)

mail_e36

2010-04-19 13:47

Facebook Widget Sends Credentials Clear Text?

1 Attachment(s)

Does anyone know if the provided Facebook Widget on the N900 sends your username and password clear text? For example, you connect to a wireless network, your facebook widget updates, can other users on the network sniff your facebook credentials?

Also. is there any way to control when the FB widget updates, perhaps set it to update only when told to?

sepehrsfmech

2010-04-19 13:56

Re: Facebook Widget Sends Credentials Clear Text?

they cant sniff it...
and no u cant

mail_e36

2010-04-19 13:58

Re: Facebook Widget Sends Credentials Clear Text?

Please share... what is it that prevents another network user from sniffing the credentials? Are they hashed, sent encrypted, or what mechanism works here?

Lehto

2010-04-19 14:11

Re: Facebook Widget Sends Credentials Clear Text?

You could always download the wireshark to your N900 and find out yourself?

tumblebobm

2010-04-20 08:51

Re: Facebook Widget Sends Credentials Clear Text?

Hi sorry to let you down but I did a facebook login trace via wireshark just the other week on the PC and its not sent clear text.

jayford

2010-04-20 09:10

Re: Facebook Widget Sends Credentials Clear Text?

As far as I know, facebook's login is always https.

tumblebobm

2010-04-20 09:22

Re: Facebook Widget Sends Credentials Clear Text?

Yeah once it authenticates the user the rest of page views, chat etc are all plain text IP packets.

cweedon@yahoo.com

2010-04-29 00:04

Re: Facebook Widget Sends Credentials Clear Text?

but apparently the mauku widget totally is in clear text, i have both an ettercap and wireshark log to prove it. i will be spending the rest of the nights sniffing the rest of the social networking apps i have on this phone

woody14619

2010-04-29 00:18

Re: Facebook Widget Sends Credentials Clear Text?

Depending on the service it may be that the password is always clear text. By default most POP servers are clear text unless you're going to the secure authentication ports to do it. FTP is always clear text for passwords, as are IRC and several other commonly used tools. I'm not saying that's a good thing, just that it may not be entirely the apps fault. If a service is truly security aware they won't accept login credentials in a non-secured way to start with, so the apps would have to hash or encrypt credentials.

All times are GMT. The time now is 08:19.

vBulletin® Version 3.8.8