SEARCH
Tag Archives: Ning
Is Your Username Available At These 72 Social Networks?
Posted in: Social Media by Kuzzuk on April 15, 2009
Image Source: sxc.hu
Just type in your username and click the “chk” button and viola, it shows whether the username is taken or not for the 72 social networks the service currently covers (see screenshot below as well as the tags). I wish it would go one step further and allow me to register for these social networks should my username be available. However, I know that would be quite difficult but I like asking for the pie in the sky.
Before I forget, here’s a blank copy of the spreadsheet I use to track my usernames on social networks.
Security Loophole In Ning Social Networking App?
Posted in: Social Media by Kuzzuk on April 8, 2009
Image Source: sxc.hu
One of our members dropped me a Facebook message informing me of the security loophole telling me that Ning transmits email address and password in cleartext.
the site is transmitting userid and password in clear text. i know the login form with ning id is secure but there there a field named xg_token as “xg_token=&emailAddress=me@gmail.com&password=password” somewhere in the code that is doing this.
Like I said before, I’m not an online security expert but I downloaded a sniffer from Effetech to test the claim using my own email address and password in Ning. I could see my password in cleartext (masked in the screenshot below). Additionally, as a logical test I tried sniffing my own Gmail username and password which was unsuccessful. In my own layman way, this probably means that the Ning password is being sent in cleartext while Gmail sends it securely.
I have informed Ning and let’s see what they have to say about it. Meanwhile, has anyone had this issue with Ning before?