is this a secure site?

Discussion in 'Computing' started by Andy, Jun 4, 2006.

  1. Andy

    Andy Guest

    A site is requesting credit card payment with http://secure.etc as the URL.
    How secure is such a site?
    I thought the secure sites always had https:// at the start.

    Thanks for your comments.
    Andy
     
    Andy, Jun 4, 2006
    #1
    1. Advertisements

  2. Andy

    TyBreaker Guest

    Funny, the site doesn't exist for me so sure aint bonafide. You're
    right about secure sites having https. Anyway, were you trying to buy
    something or is it just some out of the blue web site that is asking for
    your credit card details?

    --
    ______ ___ __
    /_ __/_ __/ _ )_______ ___ _/ /_____ ____
    / / / // / _ / __/ -_) _ `/ '_/ -_) __/
    /_/ \_, /____/_/ \__/\_,_/_/\_\\__/_/
    /___/

    There are 10 types of people in this world; those who understand the
    binary numbering system and those who don't.

    There's no place like 127.0.0.1.

    ASCII a silly question, get a silly ANSI.
     
    TyBreaker, Jun 4, 2006
    #2
    1. Advertisements

  3. Andy

    Andy Guest

    Sorry, I didn't include the complete URL. Hence the "etc". It's to pay for
    hotel accommodation in Perth.

    If you got to
    http://www.australia-hotels.com.au/perth-accommodation-specials.html#bonuses
    and click on the "Book Now" button on the right it takes you to the
    "secure"site.
     
    Andy, Jun 4, 2006
    #3
  4. Andy

    Hunter01 Guest


    The site wanting you to make the booking is hanging off of a WestNet
    ADSL line. Also seems to be "Discover West Holidays" or "Kalhaven
    Holdings" (who've been around since 1996). Doesn't seem to use https
    even when you get as far as the credit card though.
     
    Hunter01, Jun 4, 2006
    #4
  5. Andy

    Andy Guest

    Thanks, Hunter01. Is it a secure site then?
     
    Andy, Jun 4, 2006
    #5
  6. Andy

    Ernest Guest

    Some secure sites have a general web page for initial access
    and then go to a https page. Some cons claim to be a secure
    site and have proper looking URLs but you have to look at the
    actual address to be sure what it is. Often it is best to actually
    re-type a URL than just 'click the link' or cut and paste - this goes
    around any spoofing in the original message to the stated URL.

    Regards,

    Deadly Ernest
    (all typos fault of server or
    other gremlins)
     
    Ernest, Jun 4, 2006
    #6
  7. Andy

    Hunter01 Guest


    It is a genuine site by all looks, but I dunno about the secure part. I
    dunno that I'd call any webpage including https that takes a credit card
    secure. Debit cards are the best way to be secure, and only ever
    transfer enough into them to pay whatever you're buying.
     
    Hunter01, Jun 4, 2006
    #7
  8. Andy

    Fred Guest

    You'll have to decide yourself whether you want to take their word for it.
    from http://www.australia-hotels.com.au/accommodation-market-privacy.html

    "Your credit card details are kept TOTALLY SECURE using the latest
    encryption technology."
    "ACCOMMODATION MARKET takes reasonable steps to ensure that your personal
    information is stored securely and accurately."

    "You can contact ACCOMMODATION MARKET through the normal means shown in the
    contact section."

    "We work hard to keep your personal information private and totally securing
    your transactions with us."
     
    Fred, Jun 4, 2006
    #8
  9. Andy

    TyBreaker Guest

    I wouldn't supply my credit card details over the net unless the
    connection was encrypted - I even force my browser to use SSL 3.0 rather
    than 2.0. So the fact that they are not encrypting their connection
    throws into doubt all their promises regarding the security of their
    transaction system. In situations like this, I'd be inclined to ring
    them instead and do it over the phone.


    --
    ______ ___ __
    /_ __/_ __/ _ )_______ ___ _/ /_____ ____
    / / / // / _ / __/ -_) _ `/ '_/ -_) __/
    /_/ \_, /____/_/ \__/\_,_/_/\_\\__/_/
    /___/

    There are 10 types of people in this world; those who understand the
    binary numbering system and those who don't.

    There's no place like 127.0.0.1.

    ASCII a silly question, get a silly ANSI.
     
    TyBreaker, Jun 4, 2006
    #9
  10. Andy

    Craig Welch Guest

    If you carefully read what they said, they made no claim to secure
    transactions.

    They simply promised that your credit card details would be *kept*
    secure, once they had them.

    The site is definitely not secure. I went all the way through with a
    booking, using a phony credit card number. Even got a confirmation
    number! I had to change browsers mid-way, as it wasn't happy with
    Mozilla. Not impressed with that, I don't like downgrading to
    Explorer.

    I was going to ask them why it wasn't secure, but they don't provide
    an email address!
     
    Craig Welch, Jun 5, 2006
    #10
  11. Andy

    TyBreaker Guest

    Um, ever heard of the term fraud?


    --
    ______ ___ __
    /_ __/_ __/ _ )_______ ___ _/ /_____ ____
    / / / // / _ / __/ -_) _ `/ '_/ -_) __/
    /_/ \_, /____/_/ \__/\_,_/_/\_\\__/_/
    /___/

    There are 10 types of people in this world; those who understand the
    binary numbering system and those who don't.

    There's no place like 127.0.0.1.

    ASCII a silly question, get a silly ANSI.
     
    TyBreaker, Jun 5, 2006
    #11
  12. Andy

    Craig Welch Guest

    Yep.

    Your point?
     
    Craig Welch, Jun 5, 2006
    #12
  13. Andy

    Uncle Bully Guest

    That site is dodgy as all hell.
    Not only is it not secure, It actually says it is even though it isn't (a
    straight out lie).
    I gave it a demo with fake details and it sends your credit card number in
    plain text (ie not secure), then it sends your number back to you again in
    plain text.

    I would stay well clear of this site.
     
    Uncle Bully, Jun 5, 2006
    #13
  14. Andy

    TyBreaker Guest

    Plugging in a credit card number and proceeding to the point of a
    confirmation means you have made appearances to be a genuine customer
    but have fraudulently supplied bogus funding. If the owners of the
    service wanted to, they would probably like to lynch you in a legal
    sense because you would appear to be yet another credit card fraudster -
    I mean I'm sure they've probably had real fraud attempts in the past and
    you would appear to be another. Not sure how well your argument would
    be that you were simply testing their site's security - sounds like what
    every hacker says. Besides if you got to that point, you're relying on
    a jury to be sympathetic to you rather than the service provider. At
    best, you may come out of the whole shebang declared innocent in the
    eyes of the court but everyone who knows you would be wondering.

    Why not avoid all the risks and give them a call if you have doubts, or
    go elsewhere?

    --
    ______ ___ __
    /_ __/_ __/ _ )_______ ___ _/ /_____ ____
    / / / // / _ / __/ -_) _ `/ '_/ -_) __/
    /_/ \_, /____/_/ \__/\_,_/_/\_\\__/_/
    /___/

    There are 10 types of people in this world; those who understand the
    binary numbering system and those who don't.

    There's no place like 127.0.0.1.

    ASCII a silly question, get a silly ANSI.
     
    TyBreaker, Jun 5, 2006
    #14
  15. TyBreaker wrote something like:
    Of course they are already being fraudulent by claiming that their site is
    secure, which it is quite obviously not.

    Placing fake details in their site will do nothing. There is no chance of
    any loss of money or property. The transaction will simply fail.
     
    amosf © Tim Fairchild, Jun 5, 2006
    #15
  16. Andy

    Andy Guest

    Thanks all.

    I will stay clear of it.


     
    Andy, Jun 6, 2006
    #16
  17. Andy

    Kirilenko Guest

    Anyone can create a sub-site with secure.*.

    All sites have 2

    ..
    www.

    Then you can have whatever you want and can name them whatever you
    want. If you name it secure it doesn't have to be secure.
     
    Kirilenko, Jun 6, 2006
    #17
  18. Andy

    Craig Welch Guest

    What funding? It wasn't a valid credit card number, so no funding
    was applied to the transaction.
    They're welcome to try. What do you reckon they would charge me
    with? Have they suffered a loss because of anything I've done?
    No, I've not attempted to gain any advantage from them.
    That's what every hacker actually does. Do you know what a 'hacker'
    is?
    A jury of ordinary mortals would be horrified to learn that travel
    agents like this make false representations to the travelling public
    that their website is secure when it's not.
    Everyone who know me would be laughing their tits off.
    a) I have no doubts. Their website is not secure.

    b) I don't need to elsewhere. I had no intention of using them in
    the first place. I have a good travel agent. One *without* a
    website.
     
    Craig Welch, Jun 7, 2006
    #18
  19. Andy

    Craig Welch Guest

    Once again please, this time in English.
     
    Craig Welch, Jun 7, 2006
    #19
  20. Andy

    Kirilenko Guest

    That was in English

    All sites have 2 sub-domains

    ..
    www.

    Then you can have whatever you want, and can name them whatever you
    want. If you name it secure it doesn't have to be secure.

    ie

    you can have

    craigwelch.
    craig.
    welch.
    itisinenglishcraig.
     
    Kirilenko, Jun 7, 2006
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.