WARNING: QRZ Security Issues

Discussion in 'Community Help Center' started by AE0S, Mar 25, 2018.

  1. AE0S

    AE0S XML Subscriber QRZ Page

    The API of QRZ allows and even promotes the insecure transmission of passwords and API keys. The password allows full access to your QRZ account while the API key allows full access to your QSO log, including modification and deletions.

    Whenever you enter your QRZ password or API key into a third party program you don't know whether the program uses encrypted or plain text communication. The QRZ.com administration decided not to fix this security issue in order to continue to support third party applications that send passwords and API keys in plain text. Even new programs are still being created that are insecure. Thus security is not guaranteed.

    BTW, HamQTH and eQSL aren't any better since they have the same security issues.

    Think twice if you enter your QRZ password or API keys somewhere.
     
  2. K8ERV

    K8ERV Ham Member QRZ Page

    What is an API?

    TOM K8ERV Montrose Colo
     
  3. KG7PDC

    KG7PDC Premium Subscriber QRZ Page

  4. AE0S

    AE0S XML Subscriber QRZ Page

    Application Programming Interface. The agreed upon standard to exchange information and commands between software applications/programs. In this case it tells how your logging program should talk to QRZ.com.
    Here QRZ is the owner of the API and they define the rules (i.e. it's ok to send the password in plain text).
     
  5. K8ERV

    K8ERV Ham Member QRZ Page

    I checked that on Google but don't understand it, not a programmer. Not sure what the warning means to me. Is just logging in and using this site a problem? Enlarge?

    TOM K8ERV Montrose Colo
     
  6. AE0S

    AE0S XML Subscriber QRZ Page

    No, it's when you enter your QRZ password into your logging program or other sites (if they exist) that integrate (talk to) QRZ.com.
     
  7. K8ERV

    K8ERV Ham Member QRZ Page

    Ok, I don't use logging programs (only on VHF). Sure are a lotta bad guys out there.

    TOM K8ERV Montrose Colo
     
  8. KA9JLM

    KA9JLM Ham Member QRZ Page

    Nothing new. HDR is one good example that people do not think about.

    It is just ham radio.
     
  9. W1SRR

    W1SRR XML Subscriber QRZ Page

    Hummmm, does anyone have a list of which 3rd party software is encrypted? Nice catch!
     
  10. KD0CAC

    KD0CAC Ham Member QRZ Page

    Still trying to figure out this Tom guy, I do not think good or bad, BUT ;)
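
Added example, not part of the original thread and not code from QRZ or any logging program: a check over outbound requests recorded from logging programs (for instance by a local proxy) that reports, per program, whether credential-like parameters left the machine over plain HTTP or over HTTPS. The host `api.logbook.example`, the program names, the parameter names and the sample records are all constructed assumptions.

```python
from urllib.parse import urlsplit, parse_qsl

# Assumed credential parameter names; adjust to what your program actually sends.
SECRET_PARAMS = {"password", "pass", "key", "api_key", "apikey"}

# Constructed sample records: (program, request URL, form body).
SAMPLE = [
    ("LoggerA", "http://api.logbook.example/xml/?username=N0CALL;password=hunter2", ""),
    ("LoggerB", "https://api.logbook.example/api", "KEY=ABCD-1234&ACTION=STATUS"),
    ("LoggerC", "http://api.logbook.example/api", "key=ABCD-1234&action=insert"),
    ("LoggerC", "https://api.logbook.example/api", "key=ABCD-1234&action=status"),
    ("LoggerD", "http://api.logbook.example/lookup?callsign=N0CALL", ""),
]


def find_secrets(url, body=""):
    """Return sorted names of credential-like parameters in the query or body."""
    names = set()
    for blob in (urlsplit(url).query, body):
        # Some older APIs separate parameters with ';' instead of '&'.
        pairs = parse_qsl(blob.replace(";", "&"), keep_blank_values=True)
        for name, value in pairs:
            if name.lower() in SECRET_PARAMS and value:
                names.add(name.lower())
    return sorted(names)


def audit(records):
    """Map program -> (verdict, secret names); one plaintext request is enough."""
    verdicts = {}
    for program, url, body in records:
        secrets = find_secrets(url, body)
        if not secrets:
            continue  # request carried no credentials, nothing to judge
        plaintext = urlsplit(url).scheme.lower() != "https"
        # A plaintext finding always wins over an earlier "encrypted" one.
        if plaintext or program not in verdicts:
            verdicts[program] = ("plaintext" if plaintext else "encrypted", secrets)
    return verdicts


if __name__ == "__main__":
    for program, (verdict, secrets) in sorted(audit(SAMPLE).items()):
        print(f"{program}: {verdict} ({', '.join(secrets)})")
```

A program that never shows up in the result sent no credential-like parameter in the recorded requests, which says nothing about requests that were not recorded.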
     
