Stories
Slash Boxes
Comments
NOTE: use Perl; is on undef hiatus. You can read content, but you can't post it. More info will be forthcoming forthcomingly.

All the Perl that's Practical to Extract and Report

use Perl Log In

Log In

[ Create a new account ]

Ovid (2709)

Ovid
  (email not shown publicly)
http://publius-ovidius.livejournal.com/
AOL IM: ovidperl (Add Buddy, Send Message)

Stuff with the Perl Foundation. A couple of patches in the Perl core. A few CPAN modules. That about sums it up.

Journal of Ovid (2709)

Friday October 10, 2003
04:54 PM

Bad Graphics == Bad Security?

[ #15165 ]

For a while I was unemployed and living off of credit cards. While unemployed, I racked up some credit card debt (surprise, surprise). Today, I was most pleased to pay off one of my cards. I paid online and that, I think, was a big mistake. I was rather concerned because their Web site was poorly designed. It was slow, it wasn't clear how to navigate and had graphics worthy of a third-grade HTML page. I ignored that but frankly, that should should have been a tip-off. If they couldn't spend the money to make it look professional, why should they care about professional code on those areas where you can't see it?

After paying my bill, I started thinking about that and figured I would check out what they set for my cookie. I like reviewing cookies from time to time because they can be rather informative. If I had access to your computer and you used this site to pay off your credit card, here's what I could learn just by glancing at your cookie:

  • What company (if any) the card was issued to.
  • Your login name on the site.
  • Your first and last name (as it appears on the card).
  • What email address you used to register with the site.
  • The last date you logged into the site on.
  • Your credit card number.
  • Your PIN number.

Gosh, at least they weren't foolish enough to list the expiration date! Then we might have a security problem.

Oh, and the cookie doesn't expire for a year.

The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
 Full
 Abbreviated
 Hidden
More | Login | Reply
Loading... please wait.