Tuesday, August 30, 2005

Stupid Canoe

I saw a contest to win an MP3 player.
To register I need to open a Canoe Passport account.
To do so, I need to give all my personal information without SSL/TLS protection.

If you are tempted to register, please don't! If someone can't figure out how to turn on SSL on their web server, I doubt that they have a clue how to defend themselves against cross-site scripting and other attacks like that.
Besides, I don't wanna risk packet sniffing of my personal information.

The form is here:
http://passeport.canoe.com/cgi-bin/inscription.cgi

I wrote to support about it. We'll see their reaction. I hope we'll see repentance.

And yes, I believe that not caring about the security of sensitive data is stupidity. There is no one in the web development world who hasn't heard of it, all techies are aware of it, and all IT managers should be at this point too. So, I can't see ignorance here, only stupidity.
