#1 - yes, which is also a problem! But is actually less serious, because that doesn't give you knowledge of the old password which could be shared with another site. (Obviously in the ideal case it wouldn't be, but let's face it, it is for the vast majority of users.)
#2 - which is something that browser vendors are working to address (e.g. by displaying non-ascii characters in slightly different ways, e.g. punycode, and by blacklisting domains used for phishing, etc).
#1: It might be a problem, but it is also a clear indication to even a naive user that if they leave their browser logged in to Pandora, their account could be compromised.
#2: Right. So there is a possibility that some day in the future, if you are really careful and check your TLS certificate every time you do something with your password, Pandora will be exposing you to a huge gaping hole, that you would otherwise only be exposed to if you used the Apple Store, Amazon, Ebay....
#1: How many times is too much when replying with #1 and #2?
#2: Answer: this many times.
So anyway, everyone change your Pandora password and be done with it. You can't buy anything with a Pandora account; all it gets you is the ability to listen to Pandora. That is not worth stealing, even if it is a great service. I pay for it, and I'm not going to stop because of Apple. They may have the library, but they don't have the years of experience that Pandora has in its market. I do think Apple will own the high-end home entertainment market eventually.
No, the gist of my argument is that this isn't an additional security risk. Worrying about this is tantamount to looking at the lock on your front door, which itself is made out of plywood with a hollow center, and of course is attached to a house with several standard windows, not to mention sliding glass doors, one of which you tend to leave open all the time, and then screaming, "OH MY GOD I CAN'T BELIEVE THEY DID THIS! THIS LOCK COULD BE CRACKED BY A GUY WITH A HAND SAW IN 5 MINUTES!!! THEY REALLY SHOULD GET A STRONGER LOCK!"