Duane writes:
Chances are, unless he was sending credit card details over a wifi network it was unlikely it was intercepted, more likely either his computer had a trojan or the company he was dealing with had their database broken into, and from memory inside jobs are still more common than outside attacks being successful. However it's a lot easier to "sniff" a copper phone line than an SSL connection, here in Australia no one would think anything of it if you rocked up with a little white van put up a little manhole tent and started attaching wires in the phone network pits. I'm sure the same could be said for a lot of countries, then of course if your friend is sending credit card details via a cordless phone or mobile/cell phone and all you need is to be close + high gain antenna and you can kiss your credit card details goodbye...
But once you start digging into all this you start hearing other things, like merchants purchasing a certificate from a commercial CA, then having the credit card details emailed back to the customer or themselves in the clear, or of course weak security in their database...
All of this is relatively trivial compared to the risk of having a human being intercept your credit-card information when you purchase something via human interaction. If you use an Internet site to buy things, chances are that no human beings are involved in the credit-card processing loop (if it's a big site, at least, or if it uses a large CC processing service). Since human beings are the source of fraud, and not computers, this means that Internet purchases are actually more secure than other types of credit-card purchases, overall. When you buy something in person and sign a little slip for it, you give a whole chain of human beings all the information they need to fraudulently charge things to your credit card. The weakest link in security is always the human one, so the fewer human beings you have in the loop, the better.
Additionally, errors that occur in automated processing of credit-cards often affect thousands of accounts, and are thus rapidly noticed and fixed. Errors that occur in the processing of a single credit-card charge made by hand are much harder to spot and prove (and thus to fix).
I know.
it's his reaction to it.
and this was also several years ago, before the transactions were as tightly secured, when data was sent over http, rather than https.
if it did result from intercepted data, it was probably from someone tracking the card issuer's site ( visa, mastercard...) for whatever data they could mine.
this is a side issue to the use of extensions though.
any extension to a browser should by default be marked as insecure.
or the developers of the browser could be held liable for damages for not marking it as such.
( flash included )
mozilla has zero control over the extension code, or its security, therefore mozilla should not allow the extension to be considered secure by default.
( user can do so, at own risk )
the only thing that mozilla can claim control over for security is the code base for the browser itself.
any tech not 100% mozilla controlled is insecure.
if this attitude is adopted, then it makes end user accept responsibility for breaking security.
--
The Best Spam Campaign:
snail mail a can of spam to local ( state / province ) leaders, as well as national leaders.
With a note:
use funds to feed homeless and poor in our country before sending foreign aid
_______________________________________________
Mozilla-security mailing list
http://mail.mozilla.org/listinfo/mozilla-security
