
neilh (8614)


South East UK based. Perl, C, C++ hacker

Journal of neilh (8614)

Wednesday June 24, 2009
03:38 PM

Phishing by Visa

[ #39170 ]

Our old monitor seems to be on its last legs, so I've just been to Scan's website (from where, >10 years ago, the now dying monitor was bought) to replace it. Found one I liked, then tried to pay for it. Unfortunately, like most online merchants, they've been bullied into implementing 3D secure (aka Verified by Visa/MasterCard SecureCode).

Oh how I laughed when NoScript popped up a warning saying that it just blocked a XSS attack from www.securesuite.co.uk (which was trying to POST back to www.scan.co.uk).</sarcasm>

So, not only does the user experience to all intents and purposes look exactly like a phishing attempt, a successful payment gets blocked by security software. Thus, in order for 3D to work (remember this protocol is designed to make the purchasing on the web "more secure"), I have to make my PC less secure?!?

Anyone would think this had been designed by a government.</despair>

  • Some institutions that need to be secure get it, most do not. You quickly come to realise that a lot of so-called "security" is actually "security theatre". It sort of looks secure and that's more important than being secure.

    I'm no banking or security expert but it is very clear that lots of things that should be secure are not well done. Sometimes it's because real security is hard and it may put off customers, sometimes it's because the marketing people are in charge and sometimes I can't fathom why it's do

    --
    -- "It's not magic, it's work..."