Online Accounts: Account plugins

  1. Bug #1037169
  2. Activity log

Activity log for bug #1037169

Date Who What changed Old value New value Message
2012-08-15 15:42:27 Jamie Strandboge bug added bug
2012-08-15 15:42:56 Jamie Strandboge description Running a packet sniffer (tcpcump or wireshark would do) on traffic going to port 80 I discovered the following account-plugins are using http to fetch the login page when setting up an account: - account-plugin-flickr - account-plugin-sina - account-plugin-sohu As a result, these pages can be used in a MITM attack. Please adjust these use an https url instead. Running a packet sniffer (tcpcump or wireshark would do) on traffic going to port 80 I discovered the following account-plugins are using http to fetch the login page when setting up an account: - account-plugin-flickr - account-plugin-sina - account-plugin-sohu As a result, these pages can be used in a MITM attack. Please adjust these to use an https url instead.
2012-08-15 15:43:30 Jamie Strandboge bug added subscriber Ubuntu Desktop
2012-08-15 18:06:10 Ken VanDine account-plugins (Ubuntu): status New Invalid
2012-08-15 18:46:18 Ken VanDine account-plugins (Ubuntu): status Invalid Confirmed
2012-08-15 18:47:28 Launchpad Janitor branch linked lp:~ken-vandine/online-accounts-account-plugins/lp_1037169
2012-08-15 18:50:17 Launchpad Janitor account-plugins (Ubuntu): status Confirmed Fix Released
2012-08-15 18:53:01 Ken VanDine bug task added online-accounts-account-plugins
2012-08-15 18:53:10 Ken VanDine online-accounts-account-plugins: status New Confirmed
2012-08-15 18:53:24 Ken VanDine online-accounts-account-plugins: assignee David King (amigadave)
2012-08-15 19:47:37 Launchpad Janitor branch linked lp:ubuntu/account-plugins
2012-08-15 21:09:32 Sebastien Bacher removed subscriber Ubuntu Desktop
2012-08-15 21:09:48 Sebastien Bacher bug added subscriber Canonical Desktop Team
2012-08-17 01:12:21 Launchpad Janitor branch linked lp:online-accounts-account-plugins
2012-08-17 01:16:06 Ken VanDine online-accounts-account-plugins: assignee David King (amigadave)
2012-08-17 01:16:12 Ken VanDine online-accounts-account-plugins: milestone 0.6
2012-08-30 10:31:01 Alberto Mardegan online-accounts-account-plugins: status Confirmed Fix Released
2016-07-29 13:46:36 Curtis Hovey removed subscriber Registry Administrators