Hakin9’s website
I just subscribed to 1 year of the digital edition of Hakin9 magazine. It’s an excellent magazine, but their website needs some work. Here are the problems I saw with their site and online ordering process:
- The first step in setting up an account on their site will send the user’s new password in clear text in the confirmation email.
- The aforementioned confirmation step can be bypassed by using the “forgot my password” feature. Of course, this doesn’t gain an attacker much, because the forgotten password is emailed to the same account. The new, random(?) password that I received was only 5 characters in length.
- Their online credit card processing agent, PolCard, displays the user’s full credit card number on a confirmation page (delivered over HTTPS, thankfully) and recommends that the user save it to disk.
If this stuff really bugs you, it looks like you can order a subscription over at Amazon instead.
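As an added illustration (not code from Hakin9 or PolCard), here is the usual alternative to emailing a short replacement password: mail a single-use, expiring reset token and store only its hash. The function names, the 15-minute lifetime, the in-memory store and the 62-character alphabet used for the entropy comparison are all assumptions made for this sketch.

```python
import hashlib
import math
import secrets
import time

TOKEN_TTL = 15 * 60   # seconds a reset link stays valid (assumed policy)
_pending = {}         # token hash -> (email, expiry); stands in for a DB table


def password_bits(length, alphabet_size):
    """Entropy in bits of a uniformly random password."""
    return length * math.log2(alphabet_size)


def issue_reset_token(email, now=None):
    """Return a one-time token to mail as a link; only its hash is stored."""
    now = time.time() if now is None else now
    token = secrets.token_urlsafe(32)   # 256 bits from the OS CSPRNG
    digest = hashlib.sha256(token.encode()).hexdigest()
    _pending[digest] = (email, now + TOKEN_TTL)
    return token


def redeem_reset_token(token, now=None):
    """Return the account email if the token is valid, else None."""
    now = time.time() if now is None else now
    digest = hashlib.sha256(token.encode()).hexdigest()
    entry = _pending.pop(digest, None)  # pop: a token cannot be replayed
    if entry is None:
        return None
    email, expiry = entry
    return email if now <= expiry else None


if __name__ == "__main__":
    # Assumed alphabet of a-z, A-Z, 0-9 for the 5-character password.
    print(f"5-char password: {password_bits(5, 62):.1f} bits")
    print("reset token:     256 bits")
    t = issue_reset_token("reader@example.test")  # constructed address
    print(redeem_reset_token(t), redeem_reset_token(t))
```

After a successful redeem, the user chooses a new password over HTTPS, so no password ever travels by email.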



