Transmitting encrypted passwords in the URL - BAD idea

jimbo45

Hi there
Sometimes when web sites log on automatically with your password, these passwords have to be stored somewhere - and transmitted. Since these are often transmitted in the URL, anybody can intercept your data if they are so inclined - so a hacker doesn't even NEED to use any password cracking technology -- just using your data stream presumably they could log on to your bank account and empty it.

Maybe I'm being paranoid here or have I totally misunderstood how the system works but the password (encrypted) has to be transmitted in the data sent to the target website and most of the data string is initially sent as a string in the URL.

Hopefully someone here can explain whether this is TRUE - or FALSE. In any case, especially with banks etc., I always set to completely log off -- however it doesn't prevent the essential weakness that a string is sent to the target web site over the public Internet and this string can be intercepted - and replicated.

(As an Engineer we often used to use things like Datascopes to analyse / read the data streams that were being sent / received over various devices, so the technology is there to capture this stuff -- it's been around since the late 1960s !!!).

Cheers
jimbo
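
Added example, not part of the original post: URLs are written verbatim into web server and proxy access logs, so one practical check for the concern raised above is to audit those logs for requests whose query string carries a credential and to redact the value. The parameter-name list and the sample log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode, urlunsplit

# Assumed set of parameter names that usually carry secrets (not from the post).
SENSITIVE = {"password", "passwd", "pwd", "pass", "token", "auth",
             "secret", "session", "sessionid", "apikey", "api_key"}

# Request line of a common/combined-format access log entry.
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def redact_url(url):
    """Return (redacted_url, names of sensitive parameters found in the query)."""
    parts = urlsplit(url)
    found, pairs = [], []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name.lower() in SENSITIVE:
            found.append(name)
            value = "REDACTED"
        pairs.append((name, value))
    return urlunsplit(parts._replace(query=urlencode(pairs))), found


def audit_log(lines):
    """Return [(line_no, method, redacted_target, names)] for requests with a credential in the URL."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a request line we recognise
        redacted, names = redact_url(match["target"])
        if names:
            hits.append((number, match["method"], redacted, names))
    return hits


# Constructed sample log lines (documentation IP ranges, made-up values).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/Jan/2024:10:00:00 +0000] "GET /login?user=jimbo&password=S3cr3t%21 HTTP/1.1" 302 0',
    '203.0.113.7 - - [01/Jan/2024:10:00:01 +0000] "POST /login HTTP/1.1" 302 0',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /account?view=summary&Token=abc123 HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in audit_log(SAMPLE_LOG):
        print(hit)
```

The POST request on the second sample line is not flagged because its credentials travel in the request body, which access logs in this format do not record.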
 
