WebApp Sec mailing list archives
Re: as security pro's, how do you use the web now?
From: Haroon Meer <haroon () sensepost com>
Date: Fri, 14 Jan 2005 17:32:16 +0200
Hey Daniel.
It's always tricky because you can very easily end up 6 steps into the order process trying to explain that instead of typing "Credit Card Number" you typed ' group by CCNum (an honest typing error?)
Of course, the fact that once you called it in, the guy at the other end scribbled it on a piece of paper that's currently sitting on his desk while janitorial staff walk around is another interesting side-effect and hardly more secure..
[a] probability that someone is remotely hax0ring the database and extracting your credentials - X %
[b] probability that someone is sniffing traffic inline and stealing your credentials - X %
[c] probability that the person you spoke to is earning minimum wage and knows how to use a credit card - XX %
/totally non-constructive post
/mh
Daniel wrote:
With more of my purchases being made on the web today, I'm always concerned that the site I'm using is making use of decent security standards. Last night I was purchasing some art online and when it came to the payment section, the whole thing was iffy and didn't seem right. Even on the most basic input field, there was no validation being performed (yes I added a back tick, and even though some might find this wrong, I would like to know that my banking details are being handled in accordance with UK data protection laws). I didn't go any further and decided to phone in my order via the phone. Does anyone else do this? I know that it opens up a whole can of worms regarding acceptable usage of the site, and it would be interesting to see what other people think.
Daniel
--
======================================================================
Haroon Meer
MH
SensePost Information Security
+27 83786 6637
PGP : http://www.sensepost.com/pgp/haroon.txt
haroon () sensepost com
======================================================================