Wetlook World Forum
Message # 69838.3
Subject: Re: Discussion Starter With Producers - Insecure Logins To Wetlook Websites
Date: Mon 13/03/17 08:36:52 GMT
Name: leonmoomin
Email: Leon@mostwam.com
Thanks, BUT!
Mostwam.tv is just a domain name, not the engine of the site and our payments are handled by a very secure third party payment processor.
From our payment processors:
Data Security
Data security is of enormous importance to us, and we take vital steps to safeguard your customers’ information.
Our environment meets the highest industry standards and guidelines.
Level 1 PCI compliant
Xxxxxx is a validated Level 1 PCI DSS compliant service provider.
Industry recognition
We're on Visa's Global Compliant Provider List and Mastercard's SDP List.
No prohibited data storage
We don't store raw magnetic stripe, card validation code, or PIN block data.
The Basics: PCI Compliance
Data encryption via the Xxxxxx Vault
Cardholder data is managed in the Xxxxxxx Vault, using multiple encryption keys with split knowledge and dual control. For example, we use multiple encryption keys with split knowledge and dual control. A data thief would not be able to make use of information stolen from a database without also having the key. This data store cannot be connected to via the internet. We also offer secure data migration to the Xxxxxxxx Vault.
Authentication and session management
We require users to authenticate every time they log into the Control Panel. Passwords are never stored directly in the database, and all API and Control Panel communication between merchants and Xxxxxxx is conducted using TLS (Transport Layer Security).
Activity monitoring and testing
We review and observe employee, customer, and vendor activity to guard against suspicious or unauthorized activities. We conduct automated vulnerability scans at least quarterly, and at least once a year we have extended penetration testing conducted by outside sources.
Leonmoomin
In reply to Message (69838) Discussion Starter With Producers - Insecure Logins To Wetlook Websites
By GSK - Sun 12/03/17 21:31:23 GMT
The Firefox browser, starting with version 52, has a new security feature - it warns users if logging into a site could be potentially unsecure by showing a grey box. You can read about it here:
https://support.mozilla.org/t5/Protect-your-privacy/Insecure-password-warning-in-Firefox/ta-p/27861
Firefox used a crossed out padlock to warn about insecure sites before, but this new system is better, because it can't be overlooked so easily.
I did a quick survey on a small sample of wetlook sites and was surprised how many of them used unsecure pages for login and some even for entering credit card information!! Results below:
Wamphotography - exemplary security - this website uses a secure page both for login to the site and payments, a positive example to follow!
Wetfemme.com - a gross disregard of all security measures, even the page on which you enter the payment details is a plain http page, not an https!!!
Wamderland.net - registering for an account is on an http page, not a secure https, login could be compromised, I didn't go further to check the payment process
Eurowam.net - seems to be a secure page on their payment processors website for payment, I didn't test the member login as I am not a member
Wetfoto com - logging in to the website is not secure - credentials potentially compromised, https not used for login, payment secure through their payment processors
Mostwam.tv - login to the site not secure, not https, payment is not secure, no https used, credit card details could be compromised!!!
Soakingwet.co.uk - the download store uses a secure page for payments through their payment processor
Wetlookadventure.com - login to site not secure, no https, payment secure through their payment processors
I meant this post as a discussion starter, so I would like to hear from the producers what they think about this issue, especially on those sites where the payment details are entered on insecure pages, about the practical implications, if there are any. Thank you.
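An added example, not part of either post: a small Python check that automates the kind of manual survey described above, flagging password or card inputs on a page served over http or in a form that submits over http. It is a simplified heuristic and not Firefox's implementation; the names `FormScanner` and `audit_page` and the example.test hosts are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Standard HTML autocomplete tokens that mark payment-card inputs.
CARD_TOKENS = {"cc-number", "cc-csc", "cc-exp", "cc-exp-month", "cc-exp-year", "cc-name"}

class FormScanner(HTMLParser):
    """Records each <form>'s action and the sensitive input kinds inside it."""
    def __init__(self):
        super().__init__()
        self.forms = []       # one [action, set_of_kinds] entry per <form>
        self.current = None   # the form being parsed, if any
        self.loose = set()    # sensitive inputs found outside any <form>

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self.current = [a.get("action", ""), set()]
            self.forms.append(self.current)
        elif tag == "input":
            kind = None
            if a.get("type", "").lower() == "password":
                kind = "password"
            elif set(a.get("autocomplete", "").lower().split()) & CARD_TOKENS:
                kind = "card"
            if kind:
                (self.current[1] if self.current else self.loose).add(kind)

    def handle_endtag(self, tag):
        if tag == "form":
            self.current = None

def audit_page(page_url, html):
    """Return sorted (kind, problem) findings for one already-fetched page."""
    scanner = FormScanner()
    scanner.feed(html)
    page_secure = urlparse(page_url).scheme == "https"
    findings = set()
    for action, kinds in scanner.forms + [[page_url, scanner.loose]]:
        target = urljoin(page_url, action)  # empty or relative action resolves against the page
        for kind in kinds:
            if not page_secure:  # an http page can be altered in transit before submit
                findings.add((kind, "page served over http"))
            if urlparse(target).scheme != "https":
                findings.add((kind, "form submits over http"))
    return sorted(findings)

# Constructed sample (example.test is a placeholder host): http page, https processor.
SAMPLE = '<form action="https://pay.example.test/charge"><input autocomplete="cc-number"></form>'
print(audit_page("http://shop.example.test/checkout", SAMPLE))
```

The check works on HTML that has already been saved or fetched, so it only sees fields present in the static markup, not ones added later by scripts.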