martinibuster - 3:00 am on May 28, 2010 (gmt 0)
If WebmasterWorld did not want criticism, they should not have asked.
I am answering your criticism. You make a serious accusation, that a mod identified himself as a hacker. Let's get to the truth.
I know that moderator. I've spent many hours in his company. I know he is not a hacker. So when you post something that is not true, that he self-identified as a hacker, then I feel it is important to answer your criticism, to bring a little light to it. So let's shine some light on this. ;)
Here is the post in question. [webmasterworld.com...]
You misinterpreted the moderator's post. He did not say he was a hacker. Here is what he posted:
>> if you follow the rules
That's the issue. Many smaller shops don't follow the rules for one reason or another which leaves them open to exploitation.
But from a hacker's point of view, why bother with an ecommerce site in the first place? While I maintain that many of them are easy targets, why bother trying to get access to money in transit? It's better to hit the final destination - the banks.
When he says, "from a hacker's point of view..." he does not mean from HIS point of view. Misinterpreting things that are posted in forums is common and this is what happened. You misinterpreted his post. And I would like everyone to go read that discussion because the moderator in that discussion conducted himself in a patient, polite and respectful manner.
Then you reacted to that post with this:
Last post in this forum, I will not further waste my time, I do not hang out in hackers forums, I do not wish to become a target.
But you see, this is all due to a misinterpretation on your part. That moderator was polite to you and not condescending. He was discussing the issue, not insulting you in any way. In fact, his post after yours starts with an apology:
I'm very sorry you feel that way.
I did not mean to mislead you. Yes, some of the CC info was from non-online transactions. I still believe the examples are relevant.
I do believe in ecommerce but I don't believe that ecommerce is as safe as some seem to feel it is and I think it is important to point out that just because an eStore owner buys a cart and SSL cert doesn't mean their setup is secure. There are so many details to ensure an online shop is secure - and not all of them are in the hands of the store owner. I've seen shopping carts with unencrypted cc numbers. I've been told by clients they don't want to delete the CC numbers because they want to hold on to it for some reason (bookkeeping, possible future charges, ease of use, etc.) I've seen hosting companies that don't update their webserver's OS when security patches are released. I've seen all manner of honest mistakes and plain disregard for security issues. While the total number of people I've dealt with is only a fraction of all ecommerce I suspect they aren't the only ones to take risks or make mistakes. Does this mean that all ecommerce is at risk? No. But I think it's misleading to say it's safe and secure.
So here we are. You misinterpreted his post. You accused him of admitting he was a hacker. It is clear he did no such thing. So what next?
And I apologize in advance if you feel my post is rude or condescending to you. I do not mean it that way. I only mean to answer your criticism and show the truth of the matter. I've taken fifteen minutes away from my daughter's bedtime story to do this for you, I don't have a moment more to spare.
Good luck to you.