LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   E-tailer keeps telling me site is secure when even I can see it is not. (https://www.linuxquestions.org/questions/linux-security-4/e-tailer-keeps-telling-me-site-is-secure-when-even-i-can-see-it-is-not-67470/)

ArthurDaley 06-23-2003 10:22 AM
E-tailer keeps telling me site is secure when even I can see it is not.
 
I aint no hacker, just a consumer, but Im getting worked up with a e-tailer who claims their site is secure and even as a naive consumer I can see it is not!

Anyone please feel free to check it out, full background details can be found here:

?http://www.lancerregister.com//show...&threadid=24249

The site in question can be found here:

http://www.j-w-racing.com


So tell me is it secure?

rshaw 06-23-2003 10:29 AM
define secure

ArthurDaley 06-23-2003 10:30 AM
In this scenario encrypt the cred card + security number + details instead of send it open to all.

rshaw 06-23-2003 10:39 AM
it's not. normal sites switch to encrypted when the cc detail screen comes up. not good

rshaw 06-23-2003 10:43 AM
email the bozo's and ask them WTF

ArthurDaley 06-23-2003 11:34 AM
I did email them. They gave me lots of abuse and said I was wrong. Im just a plain old consumer and have nothing to do with web develop. (telecoms dude instead)

See the scenario here:

http://www.lancerregister.com//showt...threadid=24249

unSpawn 06-23-2003 12:18 PM
Obviously they only care for consumers' money, not consumer care.
As always with these type of companies, taking your money and your business elsewhere will keep *you* happy. If you got a national consumers Watchdog (you have), firing off a message wouldn't be a bad idea IMO because:

1. A simple search for "Actinic" leads to a CSS issue: http://www.securityfocus.com/bid/4042/discussion/
2. A simple search using Netcraft shows no SSL capable site for www.j-w-racing.co.uk (.com is a redirect). In fact, traffic to port 443 is just blocked. Netcatting or telnetting to their :443 shows the same result.
3. AFAIK is you login it doesn't get posted to an SSL capable URI.

rshaw 06-23-2003 12:26 PM
like i said, bozo's. some sales dweeb that wouldn't know a secure connection if he saw one.

rshaw 06-23-2003 12:31 PM
report them to the cc companies, they lose tons of money each year due to fraud, i think they would be happy to slap around a vendor that is being that stupid.

unSpawn 06-23-2003 12:43 PM
"Bozo's" just ain't gonna cut it if you report the site, but vulnerabilities, no traffic security and Cc companies... now there's arguments ppl can deal with.

rshaw 06-23-2003 12:52 PM
i still like 'bozo's', maybe 'dunderheads'


All times are GMT -5. The time now is 12:23 AM.