[3127] in WWW Security List Archive


Re: Bloomingdales security?

daemon@ATHENA.MIT.EDU (Chad Schieken)
Wed Oct 2 10:08:37 1996

To: www-security@ns2.rutgers.edu
Date: Wed, 02 Oct 1996 08:20:59 -0400
From: Chad Schieken <cschieke@advsys.com>
Errors-To: owner-www-security@ns2.rutgers.edu




> 
> On Tue, 1 Oct 1996, John Lehmann (SSASyd) wrote:
> 
> > Reassured by the friendly "your Order Form is encrypted using D.E.S and
> > M.D.5 protocols" I started tapping in my credit card details and poised
> > with my finger (well - finger substitute, really) over the submit button
> 
> Well, to be sure they aren't lying, you must examine the HTML and
> the action attribute on the <form> element. That is the point 
> where they could switch to https: and hence be telling the truth.
> Dave Morris

Well I checked and how does this look:
<FORM METHOD=POST ACTION="/scripts/order.exe">

I see no reference to protocol. The URL of the page I am at is basically
hidden because they use Frames.

<flame>
This kind of crap is what is going to lead to the downfall of the planet earth
</flame>

Ok, now that I feel better I wonder if by saying that your credit card numbers 
are encrypted if that constitutes false advertising?

later...
chad





------- End of Forwarded Message
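
Added example, not part of the original message: a relative ACTION like the one quoted above carries no scheme of its own, so the browser resolves it against the URL of the frame document that contains the form (or against a <base href> if one is present). The Python sketch below performs that resolution; the shop.example and secure.example URLs are constructed placeholders, since the message does not give the real frame URL.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collect the first <base href> and every <form>'s raw action and method."""

    def __init__(self):
        super().__init__()
        self.base_href = None
        self.forms = []  # list of (raw action, method)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)  # HTMLParser lowercases tag and attribute names
        if tag == "base" and self.base_href is None and a.get("href"):
            self.base_href = a["href"]
        elif tag == "form":
            method = (a.get("method") or "get").lower()
            self.forms.append((a.get("action") or "", method))


def audit_forms(html, document_url):
    """Return [(raw_action, resolved_url, method, uses_https)] for each form.

    document_url is the URL of the frame document holding the form, not the
    URL of the outer frameset shown in the browser's location field.
    """
    parser = FormCollector()
    parser.feed(html)
    parser.close()
    base = urljoin(document_url, parser.base_href) if parser.base_href else document_url
    results = []
    for raw, method in parser.forms:
        # An empty or missing action submits back to the document's own URL.
        url = urljoin(base, raw) if raw else document_url
        results.append((raw, url, method, urlsplit(url).scheme == "https"))
    return results


# The form tag quoted in the message; the frame URLs below are constructed.
FORM = '<FORM METHOD=POST ACTION="/scripts/order.exe"></FORM>'

if __name__ == "__main__":
    for frame_url in ("http://shop.example/order/form.html",
                      "https://shop.example/order/form.html"):
        for raw, url, method, ok in audit_forms(FORM, frame_url):
            status = "TLS" if ok else "CLEARTEXT"
            print(f"{frame_url}: {raw!r} -> {method.upper()} {url} [{status}]")
```

The same form tag comes out as cleartext or TLS depending only on the scheme of the frame document, so the frame's own URL (from the frameset source or the browser's frame/page info view) is the thing to check.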



