Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

webappsec logo WebApp Sec mailing list archives

Re: as security pro's, how do you use the web now?
From: Haroon Meer <haroon () sensepost com>
Date: Fri, 14 Jan 2005 17:32:16 +0200
Hey Daniel.
Its always tricky because you can very easily end up 6 steps into the order process trying to explain that instead of typing "Credit Card Number" you typed ' group by CCNum (an honest typing error?)
Of course, the fact that once you called it in, the guy at the other end scribbled it on a piece of paper thats currently sitting on his desk while janitorial staff walk around is another interesting side-effect and hardly more secure..
[a] probability that someone is remotely hax0ring the database and extracting your credentials - X % [b] probability that someone is sniffing traffic inline and stealing your credentials - X % [c] probability that the person you spoke to is earning minimum wage and knows how to use a credit card - XX % 

/totally non-constructive post

/mh

Daniel wrote:

With more of my purchases being made on the web today, i'm always
concerned that the site I'm using is making use of decent security
standards.

Last night i was purchasing some art on line and when it came to the
payment section, the whole thing was iffy and didn't seem right. Even
on the most basic input field, there was no validation being performed
(yes i added a back tick, and even though some might find this wrong,
i would like to know that my banking details are being handled in
accordance with UK data protection laws)
I didn't go any further and decided to phone in my order via the phone. Does anyone else do this? I know that it opens up a whole can of worms regarding acceptable 
usage of the site, and it would be interesting to see what other
people think.



Daniel



--
======================================================================
Haroon Meer                                                         MH
SensePost Information Security                          +27 83786 6637
PGP : http://www.sensepost.com/pgp/haroon.txt     haroon () sensepost com
======================================================================

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]