Simon Willison's Weblog: tunisiahttp://simonwillison.net/2011-01-24T18:45:00+00:00Simon WillisonThe code injected to steal passwords in Tunisia2011-01-24T18:45:00+00:002011-01-24T18:45:00+00:00https://simonwillison.net/2011/Jan/24/code/#atom-tag
<p><strong><a href="http://blog.jgc.org/2011/01/code-injected-to-steal-passwords-in.html">The code injected to steal passwords in Tunisia</a></strong></p>
Here’s the JavaScript that (presumably) the Tunisian government were injecting in to login pages that were served over HTTP.
<p>Tags: <a href="https://simonwillison.net/tags/javascript">javascript</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/recovered">recovered</a>, <a href="https://simonwillison.net/tags/tunisia">tunisia</a></p>
Quoting Nat Torkington2011-01-24T18:11:00+00:002011-01-24T18:11:00+00:00https://simonwillison.net/2011/Jan/24/torkington/#atom-tag
<blockquote cite="http://radar.oreilly.com/2011/01/four-short-links-24-january-20.html"><p>National politics of snoopiness vs corporate ethic of not being evil aren’t directly compatible, and the solution here only works because (let’s face it) Tunisia is not a rising economic force. If you’re selling ads in China, you don’t get to pretend that the Great Firewall of China is a security issue.</p></blockquote>
<p class="cite">— <a href="http://radar.oreilly.com/2011/01/four-short-links-24-january-20.html">Nat Torkington</a></p>
<p>Tags: <a href="https://simonwillison.net/tags/china">china</a>, <a href="https://simonwillison.net/tags/nat-torkington">nat-torkington</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/recovered">recovered</a>, <a href="https://simonwillison.net/tags/tunisia">tunisia</a></p>
The Inside Story of How Facebook Responded to Tunisian Hacks2011-01-24T18:06:00+00:002011-01-24T18:06:00+00:00https://simonwillison.net/2011/Jan/24/tunisia/#atom-tag
<p><strong><a href="http://www.theatlantic.com/technology/archive/2011/01/the-inside-story-of-how-facebook-responded-to-tunisian-hacks/70044/">The Inside Story of How Facebook Responded to Tunisian Hacks</a></strong></p>
“By January 5, it was clear that an entire country’s worth of passwords were in the process of being stolen right in the midst of the greatest political upheaval in two decades.”—which is why you shouldn’t serve your login form over HTTP even though it POSTs over HTTPS.
<p><small></small>Via <a href="http://radar.oreilly.com/2011/01/four-short-links-24-january-20.html?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A oreilly%2Fradar%2Fatom %28O%27Reilly Radar%29">O'Reilly Radar</a></small></p>
<p>Tags: <a href="https://simonwillison.net/tags/facebook">facebook</a>, <a href="https://simonwillison.net/tags/http">http</a>, <a href="https://simonwillison.net/tags/https">https</a>, <a href="https://simonwillison.net/tags/security">security</a>, <a href="https://simonwillison.net/tags/recovered">recovered</a>, <a href="https://simonwillison.net/tags/tunisia">tunisia</a></p>