Specifically this one:
http://www.penrhiwpalsc.co.uk/
It looks not right and I'm scared they might try and nick my card details.
Cheers.
How do I Check a Shopping Website's Integrity
- Euro Skank
- 5 minutes to kill
- Reactions: 0
- Posts: 20
- Joined: Fri Jan 03, 2014 9:00 am
epidemiks wrote:
> No SSL certificate, junk url. Avoid.
Thanks, where do I find out that the site doesn't have an SSL certificate?
I'm no techie (and Alexandra will correct if wrong) but I think the secure sites have https in the URL rather than just http.
Yes, but some browsers skip that and indicate it with a lock instead. Then there are the very trusted certificates that make the whole address bar green in some browsers.
penrhiwpalsc.co.uk has the following in its footer claiming they do have SSL (from both VeriSign and RapidSSL apparently):
but that's just nonsense.
Bless
- salvajeuno
- I Am Losing It All to the Internet
- Reactions: 0
- Posts: 1399
- Joined: Mon Jul 04, 2016 2:54 am
- Location: Cat Lady Towers
This is a view of Firefox w/ green padlock in the address bar. I clicked on the lock to bring up the security info.
இ லொவெ ம்ய் டௌக்ஹ்டெர்ஸ் மொரெ தன் அன்ய்தின்க் இன் தெ வொர்ல்ட்
-
- I have Cheap Mobile Internet
- Reactions: 0
- Posts: 410
- Joined: Sun Dec 25, 2011 7:54 am
- Location: PP
HTTPS does not keep them from nicking your card details. It supplies transport security; this means other machines on the way to the webshop cannot read your card details. Optionally you can verify that you are connecting to the correct webshop and not some clone (read the certificate details).
Besides compromised accounts (choose a strong password, use 2FA where possible) a lot of cc details get nicked because at some point they were exposed in an unencrypted format (e.g. stored in plaintext or with weak/broken crypto on disk/database, in memory, back-end network traffic). This way any rogue employee, malware or cyber-criminal can obtain and sell them. It isn't that hard as most companies still spend more on coffee than security.
- violet
- Suspicious Little Mad Woman
- Reactions: 291
- Posts: 19717
- Joined: Mon Nov 30, 2009 9:48 pm
- Location: About as far away as can be.
^ 2FA
Two factor authentication (e.g. having a code sent by SMS to your phone).
No charge for the violet interpretation for old people service (VIFOPS)
The mind is not a vessel to be filled, but a fire to be kindled.
- Plutarch
I did a whois and it is some woman who registered it a couple of months ago
avoid
pew, pew, pew, pew!
violet wrote:
> ^ 2FA
> Two factor authentication (e.g. having a code sent by SMS to your phone).
> No charge for the violet interpretation for old people service (VIFOPS)
I've made a couple of purchases using my ABA debit card and have been asked to authenticate the purchase via a text code sent to my phone. Something new. So even if they have my card details they can't get money out (there's usually none on it for that reason) until they get authentication from my phone.
-
- I have Cheap Mobile Internet
- Reactions: 0
- Posts: 410
- Joined: Sun Dec 25, 2011 7:54 am
- Location: PP
2FA is based on the principles of something you know (a password, pincode, passphrase, etc.) and something you have (your phone, a dongle, etc.).
The problem with sms based 2FA is:
A. Most Cambodians use their smartphone to access the web and thus receive the code on the same device where they log in to the banking website. An attacker now has to breach only a single device to gain access.
B. Smartphones are small computers, they can get infected with malware simply by browsing websites or by connecting them to an infected computer. At worst, an attacker has to breach 2 devices to remotely access your banking shizzle.
C. What if your phone is lost? Could an attacker gain access to your account? Maybe you saved the username/password combo for ease of use, or they could be retrieved from disk or memory with forensics.
A better form of 2FA is hardware tokens, e.g. the RSA type which displays a random number changing every x time or the type that looks like a calculator where you insert your debit card and enter your pincode to receive an authentication code.
This said, the risk of becoming an actual victim is pretty low imho. You run a bigger risk from ATM skimmers or a bank/ATM hack like the recent SWIFT attacks.
- violet
- Suspicious Little Mad Woman
- Reactions: 291
- Posts: 19717
- Joined: Mon Nov 30, 2009 9:48 pm
- Location: About as far away as can be.
^ YES! (not just limited to Cambodians though)
and no matter how low the risk, ... there's always someone it is happening to.
The mind is not a vessel to be filled, but a fire to be kindled.
- Plutarch