[ Date Index ][
Thread Index ]
[ <= Previous by date / thread ] [ Next by date / thread => ]
On Thu, 1 May 2003, Paul Weaver wrote: > When people worry about internet security it's hillarious. The weakest link is > the banks, and people. Its so easy to get someones details the old fashioned > way, using social engineering, theres no need to break in to large data > centers yes - because SSL means that a website is 'secure' ;) It is hard to explain to people that SSL only means that the connection between their browser and the server is relatively secure but that the credit card details are much easier to get from elsewhere.. - SQL Server : many known vulnerabilities, many systems unpatched and open to the web - ASP/PHP/etc : many know vulnerabilities as well SQL injections and bad application design make it possible to get all those lovelly cc details stored on the system - internet explorer : so so buggy its a joke, and quite happy to leak documents and full access to your system and its cache to all an sundry - Windows (or dead rat or slowarsis) : many old systems vulnerable to exploits and pretty easy to go in and copy the whole 'ecommerce' database for your later perusal. Mind you there are also the many receipts you have probably thrown away that hold your full cc details and signature - Railway Ticket CC booking have all your CC details, most restaurant and other places that take CC cards will have copies of your details sitting around in the till as well as your copy that will get left in your hand bag or thrown away. If you really want stolen identities and CC info its a piece of cake - much easier that burglary or mugging. A. -- The Mailing List for the Devon & Cornwall LUG Mail majordomo@xxxxxxxxxxxx with "unsubscribe list" in the message body to unsubscribe.