Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

I think you mean it includes HTTPS URLs. At least from the video, there doesn't seem to be any information about logging HTTP authentication or form submitted data.

This is also a reason why you shouldn't put sensitive information in the querystring even if using HTTPS - too many systems might accidentally log or show that in history.



Well put two and two together. They record key strokes and HTTPS URLS.

If I go to gmail.com and type in z a c h a y s a n [CLICK ONTO OTHER FORM FIELD] m y p a s s w o r d Then they have access to my data. Period.

This is why two step authentication is so important.


Somehow I don't think that doing a secondary authentication over SMS would help much in the scenario you're outlining.


It would, because they wouldn't just be able to passively log in, they would have to enter the password, reroute the sms (so that I didn't see it) and then log in to the email system (which is recorded on "this account was last accessed at").




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: