Unsecure internet forms

Discussion in 'NZ Computing' started by Rob, Jul 29, 2003.

  1. Rob

    Rob Guest

    I tried booking a flight today, and was going to fill in this form
    http://soundsair.co.nz/bookings.html, however I noticed that there was
    no lock symbol, and on the bottom of the form it stated.

    Please note that this site is NOT secure and it is possible although
    unlikely that your credit card details could be seen by an
    unauthorized third party. Soundsair Limited accepts no responsibility
    for any misuse of credit card details gained by illegal or malicious
    access to your credit card details by an unauthorised third party.
    Soundsair Limited reserves the right to restrict sales should booking
    requests exceed availability. In this event, any payments made will be
    refunded immediately.

    I am sure that credit card companies wouldn't be too happy to see a
    company that had a booking form like this, with no security in place,
    and also advertising that they had no security!
    I didn't use the form because of this, but I wonder if I would be
    liable to cover full cost, if I filled in the form and the details
    fell into the wrong hands. Anyone ever had any bad experiences with
    filling in order forms on unsecured web forms?
     
    Rob, Jul 29, 2003
    #1
    1. Advertising

  2. "Rob" <> wrote in message
    news:...
    > I tried booking a flight today, and was going to fill in this form
    > http://soundsair.co.nz/bookings.html, however I noticed that there was
    > no lock symbol, and on the bottom of the form it stated.


    Like they say, it is seriously unlikely to be captured en route. I doubt the
    credit card company cares.

    Cheers,
    Nicholas Sherlock
     
    Nicholas Sherlock, Jul 29, 2003
    #2
    1. Advertising

  3. Rob

    Ralph Fox Guest

    On Tue, 29 Jul 2003 14:16:54 +1200, in article
    <>, Rob wrote:

    > I tried booking a flight today, and was going to fill in this form
    > http://soundsair.co.nz/bookings.html, however I noticed that there was
    > no lock symbol, and on the bottom of the form it stated.



    If someone is going to steal your credit card number on the web,
    it is more likely to be through some other insecurity that you
    do not get any warning of.

    For example, this type of insecurity ...

    | The session logic is deeply flawed. The session logic is
    | about as simple as session logic can get – they use an
    | integer to track unique visitors and the integer is simply
    | incremented from one user to another. In order to retrieve
    | someone else’s confidential information (yes, their credit
    | card number among other things) one only needs to transmit
    | a simple request and vary a cookie value in order to read
    | client data.

    -- http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0302&L=ntbugtraq&F=P&S=&P=2823


    > Please note that this site is NOT secure and it is possible although
    > unlikely that your credit card details could be seen by an
    > unauthorized third party. Soundsair Limited accepts no responsibility
    > for any misuse of credit card details gained by illegal or malicious
    > access to your credit card details by an unauthorised third party.
    > Soundsair Limited reserves the right to restrict sales should booking
    > requests exceed availability. In this event, any payments made will be
    > refunded immediately.



    Well, at least they were being honest about it.

    Smewhere (I forget where now) I came across an other site which _said_
    that their payment form was secure, and yet it was not (no lock symbol
    on the browser). To me, that other lot were really a blatantly
    dishonest lot.


    > I am sure that credit card companies wouldn't be too happy to see a
    > company that had a booking form like this, with no security in place,



    I don't work for a credit card company and I can't comment.


    > and also advertising that they had no security!


    To you, does this advertising make it worse? IOW if they had no
    security, would you consider them better if they advertised nothing
    or even if they advertised (incorrectly) that they did have security
    in place?


    > I didn't use the form because of this, but I wonder if I would be
    > liable to cover full cost, if I filled in the form and the details
    > fell into the wrong hands.



    There are other insecurities on the web that you get no warning of
    which can allow your credit card number to fall into the wrong hands.


    > Anyone ever had any bad experiences with
    > filling in order forms on unsecured web forms?


    Not me, but I have only used my credit card a handful of times
    on the web.


    --
    Cheers,
    Ralph

    "There is only one boss, the customer. And he can fire everybody in
    the company from the chairman on down, simply by spending his money
    somewhere else." -- Sam Walton
     
    Ralph Fox, Jul 30, 2003
    #3
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. JE

    Logons on Unsecure system

    JE, Aug 23, 2005, in forum: Wireless Networking
    Replies:
    0
    Views:
    508
  2. graeme@invalid

    Firefox Forms Manager

    graeme@invalid, Nov 3, 2004, in forum: Firefox
    Replies:
    2
    Views:
    728
    Gary Mugford
    Nov 6, 2004
  3. =?Utf-8?B?S2FtYWw=?=

    wireless network does not connect to unsecure connection

    =?Utf-8?B?S2FtYWw=?=, Mar 16, 2006, in forum: Wireless Networking
    Replies:
    1
    Views:
    2,323
    =?Utf-8?B?S2FtYWw=?=
    Mar 16, 2006
  4. =?Utf-8?B?YmVuZHk=?=

    2 wireless routers on the same network - one secure, one unsecure

    =?Utf-8?B?YmVuZHk=?=, Jul 10, 2006, in forum: Wireless Networking
    Replies:
    1
    Views:
    9,451
    Jack \(MVP-Networking\).
    Jul 10, 2006
  5. IIIIbarcodeIIII

    Protecting EHD on unsecure network

    IIIIbarcodeIIII, Mar 10, 2009, in forum: Hardware
    Replies:
    0
    Views:
    1,272
    IIIIbarcodeIIII
    Mar 10, 2009
Loading...

Share This Page