Ovid (publius_ovidius) wrote,

Bad Graphics == Bad Security?

For a while I was unemployed and living off of credit cards. While unemployed, I racked up some credit card debt (surprise, surprise). Today, I was most pleased to pay off one of my cards. I paid online and that, I think, was a big mistake. I was rather concerned because their Web site was poorly designed. It was slow, it wasn't clear how to navigate and had graphics worthy of a third-grade HTML page. I ignored that but frankly, that should should have been a tip-off. If they couldn't spend the money to make it look professional, why should they care about professional code on those areas where you can't see it?

After paying my bill, I started thinking about that and figured I would check out what they set for my cookie. I like reviewing cookies from time to time because they can be rather informative. If I had access to your computer and you used this site to pay off your credit card, here's what I could learn just by glancing at your cookie:

  • What company (if any) the card was issued to.
  • Your login name on the site.
  • Your first and last name (as it appears on the card).
  • What email address you used to register with the site.
  • The last date you logged into the site on.
  • Your credit card number.
  • Your PIN number.

Gosh, at least they weren't foolish enough to list the expiration date! Then we might have a security problem.

Oh, and the cookie doesn't expire for a year.

  • Post a new comment


    Anonymous comments are disabled in this journal

    default userpic

    Your reply will be screened

    Your IP address will be recorded