|
Article :
31762
Date :
02-04-2008
From :
Todd H.
Sujet :
Re: https + security
"not_here.5.species8350@xoxy.net"
writes:
> How secure is it to put debit card details into https sites?
>
> Thanks
>
> Ps. Browser IE7, cypher strength 256bit
> OS. Vista 32bit
Hi Not,
You've asked a poorly constrained question unfortunately. All SSL
does is secure the data in transit between your web browser and the
web site (and the strength of that is dependent on which ciphers the
web site supports, how your browser is configured, and whether "click
and make it happy" users pay attention to certificate warnings that
might tip off a man in the middle attack if it were to occur. Despite
those smallish risks, with https you can be relatively certain that no
one will sniff your credit card data off the wire for the fractions of
a second it flies over the wire to your web retailer of choice.
Now the bigger trouble lies more on both ends of that connection.
First your own computer--is it clean? How do you know? Trojan
keylogger installer perhaps? Using IE7 and its built in support of
ActiveX makes it an awfully rich target. Vista has its issues as
well, but isn't really the malware target of choice yet since its
adoption has been tepid at best.
On the website end, the security of your data is at the mercy of the
web application developers much more so than the SSL. Web application
vulnerabilities are exceedingly common, and vulnerabilities that allow
attackers to dump database contents are equally common.
But... do you care? The liability with your credit card to you
personally is really quite small. You're very very protected in your
card member agreement against fraudulent charges, probably much more
so than any other form of payment. If your credt card is compromised,
it's pretty easy to see, charges pretty easy to dispute, and your
personal liability for that is probably limited to $50. So long as
you do due diligence in scrutinizing your monthly statements you
should be fine.
Be more worried about your personal information,
name/adress/ssn/mothers maiden name and things that could be used to
establish credit in your name that you may not necessarily know
about.
And remember, every time you give your credit card to a waiter at a
restaurant, your credit card it probably more exposed than it'll be at
an online retailer. And no one much gives that practice a second
thought. As well they shouldn't--because the card issuer assumes so
much of the liability of unauthoried use.
Now if you wanna get worried... access to your bank account and online
billpay, and auto deductions from your bank account are the scarier
bits.
--
Todd H.
http://www.toddh.net/
Posez vos questions, réponses et remarques sur
les forums de FrameIP
|