View Single Post
Old 07-26-2012, 06:48 PM   #23
brk-lnt
Senior Member
 
brk-lnt's Avatar
 
Join Date: Aug 2007
Location: South Down Shores
Posts: 1,937
Thanks: 532
Thanked 568 Times in 334 Posts
Default

Quote:
Originally Posted by Boston Fireguy View Post
It might've been hacked through one of the many 'secure' web sites I frequent.
A "secure" website only means that the data travelling between your computer and the server for that website is encrypted. It means nothing about how the data is handled by that remote server once it's actually received (in ANY case, the data has to be decrypted at the other end in order to process it).

It's a slightly extreme case, but that "secure" site could be taking your information over a secure link, and then posting it up to a publicly accessible webpage. This is of course not very *likely*, but entirely *possible*.

Most credit card leaks come from sites that store user information in a poorly architected database, and access to this database is then compromised from the outside. In fact, if a remote exploiter gets access to a companies customer database, they could possibly be downloading that info over another *secure* link.

The little password lock in your browser doesn't mean a whole lot at the end of the day, and frankly it covers the part of the transaction (PC to server communications) that is of the least interest overall because it's generally hard to monitor that data stream remotely in any practical way. You'd have to compromise the server (for the most part), and once you've done that, you might as well just grab the whole database, instead of information coming in dribs and drabs over the network connection.
__________________
[insert witty phrase here]
brk-lnt is offline   Reply With Quote