Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
- https + security
April 1, 2008, 11:02 pm
rate this thread
Re: https + security
You've asked a poorly constrained question unfortunately. All SSL
does is secure the data in transit between your web browser and the
web site (and the strength of that is dependent on which ciphers the
web site supports, how your browser is configured, and whether "click
and make it happy" users pay attention to certificate warnings that
might tip off a man in the middle attack if it were to occur. Despite
those smallish risks, with https you can be relatively certain that no
one will sniff your credit card data off the wire for the fractions of
a second it flies over the wire to your web retailer of choice.
Now the bigger trouble lies more on both ends of that connection.
First your own computer--is it clean? How do you know? Trojan
keylogger installer perhaps? Using IE7 and its built in support of
ActiveX makes it an awfully rich target. Vista has its issues as
well, but isn't really the malware target of choice yet since its
adoption has been tepid at best.
On the website end, the security of your data is at the mercy of the
web application developers much more so than the SSL. Web application
vulnerabilities are exceedingly common, and vulnerabilities that allow
attackers to dump database contents are equally common.
But... do you care? The liability with your credit card to you
personally is really quite small. You're very very protected in your
card member agreement against fraudulent charges, probably much more
so than any other form of payment. If your credt card is compromised,
it's pretty easy to see, charges pretty easy to dispute, and your
personal liability for that is probably limited to $50. So long as
you do due diligence in scrutinizing your monthly statements you
should be fine.
Be more worried about your personal information,
name/adress/ssn/mothers maiden name and things that could be used to
establish credit in your name that you may not necessarily know
And remember, every time you give your credit card to a waiter at a
restaurant, your credit card it probably more exposed than it'll be at
an online retailer. And no one much gives that practice a second
thought. As well they shouldn't--because the card issuer assumes so
much of the liability of unauthoried use.
Now if you wanna get worried... access to your bank account and online
billpay, and auto deductions from your bank account are the scarier
Re: https + security
That would depend on the site.
Are you sure that neither the site nor your computer has been compromised?
If so, it is probably as safe as handing your card to the girl at the
Meaning it isn't safe but it is not any more dangerous than driving to
In other words, I put my credit card number into web sites that I trust.
The compromise is more likely to be on your computer or the site than on
the network along the way, but anything can happen.
please pardon my infinite ignorance, the set-of-things-I-do-not-know is an
email@example.com remove ch100-5 to avoid spam trap