Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




6328 posts

Uber Geek
+1 received by user: 391

Moderator
Trusted
Lifetime subscriber

Topic # 29481 8-Jan-2009 17:09
Send private message

Stuff: Mr Godman said he took them at their word and completed his online application using his credit card.

"I will be taking them to task should I notice any unlawful use of my credit card."

 

No padlock at the bottom of the screen = insecure, not matter what the website says.  Mr Godman should've seen that there was no padlock and not submitted his credit card details.

 

I have a secure, unhackable website for entering credit card details - I should send it to him...


Create new topic
1780 posts

Uber Geek
+1 received by user: 35

Trusted

  Reply # 188257 8-Jan-2009 17:40
Send private message

lol, I know exactly what you mean, hmm a bit OT but I like the LTNZ website :)

27252 posts

Uber Geek
+1 received by user: 6684

Moderator
Trusted
Biddle Corp
Lifetime subscriber

  Reply # 188258 8-Jan-2009 17:43
Send private message

From a security perspective it's not great. In reality though the risk of that data being intercepted is very minimal.

Where is your data going to be captured over a non SSL connection? An ISP who decided to capture every packet and look for credit card numbers?

The reality is the greatest risk of fraud comes from having a keylogger trojan on your PC which throws SSL security out the door. Even if accessing a secure site somebody can scan through the logs and know that when they come across a 16 digit number that will typically have a name and expiry date close by that they're stumbled onto your credit card details. That's dead easy.

Given the choice of giving my credit card details over a non SSL connection on a guaranteed spyware free machine or giving them on a spyware infested machine with SSL I'd take the non spyware option any day.


 
 
 
 




6328 posts

Uber Geek
+1 received by user: 391

Moderator
Trusted
Lifetime subscriber

  Reply # 188260 8-Jan-2009 17:49
Send private message

How about a lax administrator password on the box hosting that website? Instead of just capturing one person's credit card details, you could download the whole database.

BUT the site has SSL so all is safe in the world, since SSL also secures the database your card details are stored in.

Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.