SG websites security lapses
Posted on January 21, 2009
See this article on Straits Times
Sensitive information should be encrypted before it is transmitted through the network!
Examples of sensitive information include:
- Login
Frequently, we use the same login ID and password for several websites. A compromise of one website will lead to unauthorised logins on the rest. For example, say you are using lollipop as the password for an online forum, email, Facebook and Friendster. If the online forum is compromised, the login username and password could be tried on your email website, Facebook or Friendster.
- Credit Card Information
Imagine giving someone a shopping spree treat by transmitting your credit card number in email. Now who uses secure email? Hands up! Who knows whether they are using secure or non-secure email? Hmmm, I see a lot of hands. Just yesterday, when booking hotel rooms, the hotel replied to us, asking for my flight information and our credit card information to reserve the rooms. Well. Thanks to Mr PS for the reminder that it is not secure to transmit credit card information via email. Bad practice! You hotels should ask for the credit card information via an online form with a secure connection. We ended up forgoing that promotion but booked rooms using the online form instead.
- Address, SSN, IC No.
Identity theft.
Avoid publishing your address, SSN, IC No. or even phone number online, unless it is your business phone number.
Ways to Secure Data
- Passwords should be encrypted on the client end before sending. A hashed version should be used for comparison.
- Credit card numbers, SSN and IC No. should be masked out, leaving only the last few digits.
- Addresses, if not necessary, should not be printed in emails or web pages.
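The hashed comparison and the masking from the list above, as an added example that is not code from the original post. The choice of salted PBKDF2, the work factor, the function names, the IC number pattern and the sample text are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import re

PBKDF2_ROUNDS = 200_000  # assumed work factor, not from the post

def hash_password(password, salt=None):
    """Return (salt, digest); the site stores these instead of the password."""
    salt = os.urandom(16) if salt is None else salt
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)
    return salt, digest

def verify_password(password, salt, stored_digest):
    """Hash the login attempt with the stored salt and compare in constant time."""
    return hmac.compare_digest(hash_password(password, salt)[1], stored_digest)

def luhn_ok(digits):
    """Luhn checksum, so booking references and phone numbers are not masked as cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")  # 13-19 digits, optional separators
NRIC_RE = re.compile(r"\b[STFG]\d{7}[A-Z]\b")       # assumed IC number layout

def _mask_card(match):
    digits = re.sub(r"\D", "", match.group())
    if not luhn_ok(digits):
        return match.group()  # fails the checksum: leave the text untouched
    return "*" * (len(digits) - 4) + digits[-4:]

def mask_sensitive(text):
    """Mask card and IC numbers in text bound for an email or a web page."""
    text = CARD_RE.sub(_mask_card, text)
    return NRIC_RE.sub(lambda m: "*" * 5 + m.group()[-4:], text)

# Constructed sample: a test card number, a made-up IC number and a booking reference.
SAMPLE = "Card 4111 1111 1111 1111, IC S1234567D, booking ref 1234567890123456."

if __name__ == "__main__":
    print(mask_sensitive(SAMPLE))
    salt, digest = hash_password("lollipop")
    print(verify_password("lollipop", salt, digest), verify_password("lolipop", salt, digest))
```

Because each user gets a random salt, the same password produces different stored digests on different sites, so a leaked digest from the forum cannot simply be matched against another site's table.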
Thanks to Mr PS for supplying the link to an interesting article.
Now if you are confident about your website, or you need someone to test run your website to uncover security loopholes, you will be interested to know that Mr PS is offering his service. Email givemecake @ dev-work (d_o_t) com with your contact information and he will follow up with you.