Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror

Slashdot videos: Now with more Slashdot!

  • View

  • Discuss

  • Share

We've improved Slashdot's video section; now you can view our video interviews, product close-ups and site visits with all the usual Slashdot options to comment, share, etc. No more walled garden! It's a work in progress -- we hope you'll check it out (Learn more about the recent updates).

×
Security

Journal: D-Link/BSecure Site Sending Credit Card #s In Clear

Journal by Excelcia

I decided to activate the SecureSpot service on my D-Link router yesterday. After trialing it and being very happy with the configuration and flexibility of the service itself, I decided to pay for the service. The checkout page looked like most do, and I've become so accustomed to them now that I almost clicked the submit button before checking the URL (note: you need a SecureSpot trial membership to access the page). Whoa there cowboy, that protocol is http, not https. So, thinking that maybe some use of frames was disguising the true URL of the checkout page, I looked for the trusty lock icon on Firefox that depicts a secure site, and it too was missing. Ok, the warning bells are now clanging, so I go back to the beginning, all the way back to the original SecureSpot login page. It sports a gold VeriSign seal, claiming to be secure. No https, no lock. I look all through the SecureSpot configuration control panels and none of it seems to be using SSL. So as I'm logging into the BSecure web site that runs SecureSpot, and as I'm setting my family's filtering and privacy controls and passwords, is everything going over the wire in the clear? Both the SecureSpot login and the payment checkout pages sport that VeriSign gold seal. This is supposed to assure me the site is secure, right? From VeriSign's site:

"Gold Seal" is a graphical representation that assures customers that a Web site has been Authenticated and that all transactions are secured by a Secure Site Certificate or a Secure Site Pro Certificate.

I poked through the checkout page source to see if I missed something, and about the only secure element on the page is the VeriSign gold seal. Well, at least their assurance that the page is secure is secure.

Matter cannot be created or destroyed, nor can it be returned without a receipt.

Working...