4square is not safe


A friend who is super anti 4 square has been scaring me again . . .

The above screenshot was taken from Wireshark listening in on a gateway Wi-Fi NIC to my iPhone. Take a good look at the “Authorization: Basic” line in the above screenshot – Foursquare sends my account’s username and password in plaintext over HTTP, without any encryption. They send it every time you open the Foursquare app. If anybody has access to any routers between you and Foursquare, or Foursquare’s DNS happens to be hijacked by anybody anywhere up your DNS chain, or someone is setting up a public Wi-Fi network intercepting Foursquare HTTP requests and you joined it… you’re screwed.
