0

I was looking at weibo.com (chinese equivalent of twitter). I was surprised to see that their login page (http://www.weibo.com/) or forgot password page(http://login.sina.com.cn/forgot/index?entry=weibo) are not secure i.e not using HTTPS. Are these pages really secure? Am I missing something here?

binW
  • 141
  • 1
  • 5
  • Probable duplicate: http://security.stackexchange.com/questions/31748/credit-card-forms-on-http-pages-a-mitm-risk or http://security.stackexchange.com/questions/1692/is-posting-from-http-to-https-a-bad-practice – mr.spuratic Nov 11 '13 at 18:38

1 Answers1

1

No, such sites can eventually never be secure, since the information which is transfered can always be looked at and it can always be modified on it's travel or on the client side e.g. by malicious browser-add ons or any other malicious software running of the client.

This is particularly true, if the machine is a public "kiosk" mode operated terminal.

The above is true, regardless if authentication and/or encryption (confidentiality, integrity) is considered; none of this can be ensured without encrypting the communication.

M. Maier
  • 21
  • 1