Page 2 of 2 FirstFirst 12
Results 21 to 31 of 31
  1. sck18's Avatar
    Posts
    191 Posts
    Global Posts
    210 Global Posts
    #21  
    bump - can we force contacts/calendar to sync using https? Or are ALL google connections SSL if you select "always use https" for gmail?
    Last edited by sck18; 02/26/2011 at 07:00 AM. Reason: typo
  2. #22  
    If you use gMail there is an "always use https" setting.

    Facebook has it now too - although using it screws some of the gaming apps up at this point.
    Trēo 650 -> Trēo 700P -> Trēo 755P -> Prē
  3. tomlamb's Avatar
    Posts
    29 Posts
    Global Posts
    33 Global Posts
    #23  
    Was anyone able to figure out if the Contacts use HTTPS when updating from Facebook, Twitter, LinkedIn, etc?
  4. rcmarvin's Avatar
    Posts
    46 Posts
    Global Posts
    66 Global Posts
    #24  
    Quote Originally Posted by lordbah View Post
    Are Calendar and Contacts automatically making unsecured connections periodically? If so, can't we patch them to use HTTPS?
    I don't think so, at least not all of them. I've made a test, by making my Pre connect to my computer via WiFi, then creating a new Google calendar event and a new Google contact. I found out that I can view the new calendar event and contact easily (i.e. they are in plaintext form, not encrypted).
  5. tomlamb's Avatar
    Posts
    29 Posts
    Global Posts
    33 Global Posts
    #25  
    I am surprised that I could not find anything to verify that the Facebook app and contact interface are done through HTTPS or Http. With the AT&T phones normally set to automatically connect to their Hotspots (Starbucks) I would think there would be enough concern to at least have HP/Palm give a statement about it.

    Update: According to a support supervisor, the default (LinkedIn, Facebook, Twitter) is to use http so that was not what I wanted to hear. If this is true, this would be a problem for those who automatically connect to AT&T hotspots as your info could get caught by Firesheep or FaceNiff. The supervisor said he would forward this as a feature request.
    Last edited by tomlamb; 06/07/2011 at 12:34 PM.
  6. #26  
    Does anyone know if the LinkedIn contact sync and application use https?
    Last edited by Unclevanya; 06/07/2011 at 12:48 PM.
  7. tomlamb's Avatar
    Posts
    29 Posts
    Global Posts
    33 Global Posts
    #27  
    The reply I got from one supervisor is that Facebook, LinkedIn, and Twitter by default connect via http. That is just one support session (started with a regular support guy and escalated to a supervisor) so you should take it with a grain of salt.
  8. #28  
    Quote Originally Posted by tomlamb View Post
    The reply I got from one supervisor is that Facebook, LinkedIn, and Twitter by default connect via http. That is just one support session (started with a regular support guy and escalated to a supervisor) so you should take it with a grain of salt.
    The answer they gave isn't really detailed enough - we need to know if the app and synergy both do this or if only one or the other do this. We also need to know if this can be changed easily or if OS patches are required.
  9. #29  
    Quote Originally Posted by Unclevanya View Post
    Does anyone know if the LinkedIn contact sync and application use https?
    Last I checked a couple days ago LinkedIn didn't yet support full session SSL but it's in their plans to do so. When they do though it will be off by default so you'll still need to turn it on in your account settings.
  10. tomlamb's Avatar
    Posts
    29 Posts
    Global Posts
    33 Global Posts
    #30  
    Quote Originally Posted by Unclevanya View Post
    The answer they gave isn't really detailed enough - we need to know if the app and synergy both do this or if only one or the other do this. We also need to know if this can be changed easily or if OS patches are required.

    I agree completely. As I am a new to WebOS (only 1 day) I am not sure where to send this, but for now I guess I will just keep the Wifi off.
  11. #31  
    Quote Originally Posted by tomlamb View Post
    I agree completely. As I am a new to WebOS (only 1 day) I am not sure where to send this, but for now I guess I will just keep the Wifi off.
    Probably a good solution for the most part.

    There are some SSL based proxies that would limit exposure on the local wireless network. These do not provide full ssl protection since they only provide the ssl tunnel to the gateway and from then on it's unencrypted again - but this does prevent people on the same lan stealing your info from the web browser - however it does not help for non-browser based connections.

    Potentially a VPN could help - but in the same way as before it would be limited to protection at the local network layer - once it reached the gateway it would be decrypted and vulnerable but presumably this would be a smaller risk.

    I haven't really tried either of these solutions with webOS - guess it's time to start looking into this.
Page 2 of 2 FirstFirst 12

Tags for this Thread

Posting Permissions