RE: NON-Secure Credit card info transfer from time.com/pathfinder.com

From: jpaquinat_private
Date: Wed Oct 17 2001 - 14:26:23 PDT


    > The problem is that while the page 
    > 
    > https://www.pathfinder.com/subs/books/forms/td/tdspecialed01.html
    > 
    > itself is secure, as noted by the "https" at the beginning of the URL,
    > when you click the "Submit Order" button, the html in that page
    > reading:
    > 
    
    That doesn't seem to be the only problem. Press "submit" on that page
    without actually filling anything in, and you'll be taken to the actual
    order page. Now, check the URL. It appears that upon calling that page
    you may substitute anything you wish for any of the values, including
    price and shipping cost. Perhaps upon submission they check the price;
    they aren't getting my credit card order quite yet.
    
    Perhaps ordering that issue at any price you'd like will get them to fix
    it.
    
    Jacques Paquin
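
The message above describes an order page that takes price and shipping cost from its URL. A server-side check for that condition, as an added example that is not part of the original post or the site's code; the parameter names `item`, `price` and `shipping` and the catalog entry are assumptions made for illustration:

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed server-side catalog: the only source of truth for money fields.
CATALOG = {"special-ed-01": {"price": Decimal("9.95"), "shipping": Decimal("2.00")}}
MONEY_FIELDS = ("price", "shipping")

def price_order(query_string):
    """Return (order, findings); order is None when the request is rejected.

    Client-sent price and shipping never reach the order: they are only
    compared with the catalog so that tampering can be logged.
    """
    params = parse_qs(query_string, keep_blank_values=True)
    findings = []
    # A repeated parameter is ambiguous (which copy wins differs between
    # parsers), so reject the request instead of picking one.
    for name, values in params.items():
        if len(values) > 1:
            findings.append(f"duplicate parameter: {name}")
    if findings:
        return None, findings
    item = params.get("item", [""])[0]
    if item not in CATALOG:
        return None, [f"unknown item: {item!r}"]
    trusted = CATALOG[item]
    for field in MONEY_FIELDS:
        if field not in params:
            continue
        try:
            sent = Decimal(params[field][0])
        except InvalidOperation:
            findings.append(f"{field}: not a number")
            continue
        if sent != trusted[field]:
            findings.append(f"{field}: client sent {sent}, catalog says {trusted[field]}")
    order = {"item": item, **trusted, "total": trusted["price"] + trusted["shipping"]}
    return order, findings

if __name__ == "__main__":
    # Constructed requests: an honest one and one with edited money fields.
    for qs in ("item=special-ed-01&price=9.95&shipping=2.00",
               "item=special-ed-01&price=0.01&shipping=0"):
        print(price_order(qs))
```

The order is always priced from the catalog, so an edited URL changes only the findings list, which can feed a log or alert.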
    
    This archive was generated by hypermail 2b30 : Wed Oct 17 2001 - 16:57:51 PDT