Letter of the Month: No Security in the Padlock Icon
In November's Bugs and Fixes, Stuart J. Johnston states, "We have grown to believe that if we see the little padlock icon at the bottom of Internet Explorer screens, our transactions are safe." He then talks about a vulnerability that might let bad guys pose as a real site and get your credit card information.
The problem is actually worse than that. I wrote a paper in 1999 entitled "Are Secure Internet Transactions Really Secure?"
This paper discusses how many businesses--particularly small businesses--use third-party hosting. The little padlock indicates only that the connection from your browser to the site server is secure. It does not tell you how the company transfers your data from the server back to where the company can process it. In many cases sites use formmail.cgi or cgiemail.cgi to package the form data and e-mail it back to the business in plain text. If you were willing to send your data to the business in plain text, why wouldn't you just do that instead of using a secure form? In cases like this, the business is simply providing a false sense of security.
Unfortunately, consumers have no easy way--if any way at all--to determine whether the business is using a third-party server and an insecure back-end processing system.
Stephen Mencik, CISSPACS Defense, Gambrills, Maryland
PC World welcomes letters to the editor. We reserve the right to edit for length and clarity. Send e-mail to letters@pcworld.com.Would you recommend this story? YES NO
- Recommend:
- 0 Comments
-
Speed Up Everything!
PCWorld shows you the secrets to improve performance on all your hardware.
-
Stellar Tech Deals
Don't miss out on great deals from around the web.
-
ThinkPad Edge E420 Lenovo Style in an Affordable Package
Buy now direct from Lenovo -
ThinkPad X220 Fast and light, with great input ergonomics and battery life, this powerhouse ultraportable is best-of-breed.
Buy now direct from Lenovo -
ThinkPad X120e One of the best netbooks ever, X120e has the best netbook keyboard ever--nothing else comes close
Buy now direct from Lenovo
- 12 Criteria for Selecting the Best ERP System Replacement An ERP system is your information backbone and reaches into all areas of your business and value chain. Replacing it can open unlimited business opportunities. This white paper explains the 12 criteria that allow you to identify and select the solution that will meet these expectations.
- Leveraging Social Computing Technologies for ERP Applications This white paper details how Web 2.0 technologies support business strategies by improving efficiency, productivity, and collaboration.
-
How to Locate Your Unprotected Android Device
-
Apple to Ban Stealthy iPhone Contact Data Harvesting
-
The Byte: Google's Buy Approved, HDDs Soar, Sony’s Smart Socket
-
How to Block Websites
-
The Byte: Microsoft Hacked, Apple Wants Inspections, White House CTO Resigns
-
How to Change Your Browser's Default Search Engine
-
How to Reset Your Windows Password
-
Piracy Driven by Overseas Film Release Lag Time, Researchers Say
-
Google Wallet Suspends Prepaid Credit Card Functions
-
Aquaria for iPad Standout Feature is Soundtrack
-
Java Compiler Would Enable High-quality Code, Efficient Memory Use
-
Anti-Piracy Concerns Spread to Europe
Ad Choices