| 1:22 pm on Sep 17, 2004 (gmt 0)|
The article states the exact search that reveals credit card numbers and complete matching user information. It appears that Google has contacted the top results because those pages have been taken offline. However you can still click on the Google's cached version. This issue has been around for a long time and will always be around as long as there are stupid people managing databases with personal information. Another common problem is college databases with social security numbers that are accessible via the web.
If you are worried about your information, DO NOT search for your credit card number. This will only expose your credit card number to more unsecure databases.
| 10:58 am on Sep 18, 2004 (gmt 0)|
I still can't believe that people are submitting their credit card details without checking for the secure logo in their browser. They just assume that it is safe.
Even more astounding is that I receive two or three emails a month from people detailing their credit card information in emails! And they're not even supposed to be coming to me, they are trying to email their bank and my web address is similar. Sometimes I wish I was more dishonest, I could retire earlier ....
| 12:13 pm on Sep 18, 2004 (gmt 0)|
Trying to soothe consumer fears with stories like this surfacing every day makes our jobs so much more difficult.
Maybe we should start a post on the best security practices for your online business. Security doesnít seem to be discussed that much here.
Self taught webmaster donít really have a clue about security, me included. We rely on other people to guide us, sometimes with devastating consequences.
So what are you all doing to secure your data?
| 12:20 pm on Sep 18, 2004 (gmt 0)|
problem about dicussing security in too much detail here is it gives "wannabee script kiddies "etc too many ideas ...
even tho we know only "nice people" use WebmasterWorld ...
| 3:08 pm on Sep 18, 2004 (gmt 0)|
Hmm Ionce ran a search to see how easy it would to get thiskind of detail from teh web, my first attempt produced a list of passwords and user names for a South African uni.
Th ePW were for logging it to their email accounts of the heads of department. Pretty amazing really.
| 4:16 pm on Sep 18, 2004 (gmt 0)|
If you're an online merchant, unless you have a subscription-based service there is no manditory reason to actually keep full credit card information for purchases - just keep the first and last 4 digits so you can resolve chargebacks etc (or keep a hash of the full CC number if you want to get fancy). You'll never have to worry about your customers being compromised by a mishap or a hacker.
It means that users will have to retype their CC info to make another purchase, but if they are wanting to buy something (and have made a purchase before) its not a huge barrier.
| 6:11 pm on Sep 19, 2004 (gmt 0)|
I heard that now google can be indexed SSL (https). You can check it out from searching this inurl:https directory in google. You will see the first listing is Secure URL. If that, what going on with Secure page?