Yeah, I have a hard time believing that this is accurate. Definitely scary if true, but I would like to put my faith in Foursquare having checked this box a long time ago.
Also: why, after millions of checkins over public networks, is this only coming up now? Surely someone would have got burned by this by now?
>>Also: why, after millions of checkins over public networks, is this only coming up now? Surely someone would have got burned by this by now?
maybe because people usually check in over the Cellular data network and not wireless networks. I guess it'll be the same if there was a way to sniff out cellular data. Simple oversight or absence of a security mindset in app development.
I think one of the other geo-social-apps mandated checkins over WiFi (Loopt star i believe) .. It'll be interesting to see if they have the same flaw. In that case, it actually might be a bigger threat as the only way to send over information is over the wi-fi network.
Probably just because it's not very practical and there is no obvious payoff. You would have to sit around a popular spot for hours with a laptop sniffing the wifi to collect logins. What do you do with them? For SPAM purposes it would be easier to just make new accounts. As far as I know there's not a whole lot of valuable information in a FourSquare account like credit card numbers or banking information. Seems like the only thing you could really do is embarrass people.
A lot of people use the same passwords for GMail, bank, credit card, Facebook, ..., and Foursquare. So it's a big deal if you can easily collect passwords from any one of these services.
Exactly... I guess this is just another lesson that security of a network (in this case meaning all the different services we use) is only as strong as the weakest link. Certainly not going to be firing up the foursquare app for a while
one of my Facebook friends got his account compromised recently and a scam email was sent to many of his contacts. I think the scammer got the FB account somehow, and found the email of my friend as well as the emails of his FB friends shown on FB (like mine…).
It made me realize that your info on Facebook is as safe as the weakest account of your Facebook friends. I'm in control of my own passwords and make sure that all my passwords are different. But I can't control my friends' password policies, which are probably very weak overall.
True that there is no obvious threat to having access to someone's foursquare account and the worst that could happen to someone is checkins at random joints that could lead to embarrassment for some (viz. strip joints, certain clubs and so on).
However, unfortunately, there are people out there who will probably have the same password for their Facebook/Twitter accounts and even email accounts. Those are the people at threat here.
Also: why, after millions of checkins over public networks, is this only coming up now? Surely someone would have got burned by this by now?