Jon (j_b) wrote,

Security is hard! Let's go shopping!

20:04 <@Hobart> SIGH.
20:04 <@Hobart> I find a site with some nice jewelry for the GF, but the amateurishness of it makes me do a view-source.
20:04 <@Hobart> They put up a fucking mail form as an HTTPS page, but then have that fucking form post NONSECURELY to a formmail.pl
20:05 <@Hobart> https://www.XXXXXX.XXX/ssl/XXXXXX/Mailform.html
20:06 * Hobart leaves them a voicemail asking them to call.
20:07 <@Hobart> They're doing good in Pagerank for what they sell, pity for them to be set up so wrong.
20:07 <@Hobart> META NAME="GENERATOR" CONTENT="Microsoft FrontPage 5.0"
20:08 <@Hobart> I take back the formmail.pl, it's just cgi-bin/mailform.
20:08 <@Hobart> But regardless, that means they're sending CC info through uncrypted plaintext smtp right after they get it.