Are CRC having major web security problems?
Comments
-
yeehaamcgee wrote:
Right now, no, but Paypal is no more inherently secure.antfly wrote:I hate to bang on, but people, just use paypal online and there's virtually no danger.
In terms of places like CRC it's a lot more secure. The way payments are done means CRC hold no way for anyone to get into your acct. If Paypal was compromised completely then you'd hear about it on the evening news and see it in newspapers. Most PP account compromises are down to people with trojans or falling "victim" to phishing.
Poor website security (including inside jobs) are avoided by and large if you use PP. Of course if you let your PP account get compromised then that's no good.0 -
bennett_346 wrote:Just to be safe can we confirm that paying through a registered paypal account to use crc is still safe?
I placed several orders over the last few weeks before reading this thread so I checked my account. Luckily I used paypal everytime and there are no dodgy transactions showing on my account so it would appear paypal is ok0 -
There's no way of making Paypal 100% secure either though. Anything's hackable, and in this case it seems CRC got hacked.Atz wrote:yeehaamcgee wrote:
Right now, no, but Paypal is no more inherently secure.antfly wrote:I hate to bang on, but people, just use paypal online and there's virtually no danger.
In terms of places like CRC it's a lot more secure. The way payments are done means CRC hold no way for anyone to get into your acct. If Paypal was compromised completely then you'd hear about it on the evening news and see it in newspapers. Most PP account compromises are down to people with trojans or falling "victim" to phishing.
Poor website security (including inside jobs) are avoided by and large if you use PP. Of course if you let your PP account get compromised then that's no good.
If it was paypal that got hacked, you'd be just as frigged.0 -
Paypal is inherently much more secure. End of.Smarter than the average bear.0
-
Not really the same thing. Paypal has FAR more of a warchest in terms of securing their infrastructure than CRC can ever hope to have so it's less likely. Yes, theoretically there's a chance most things COULD be compromised but in terms of risk management for technical security, my money would be on PP being better than 99.99% of all other payment processing. The main issue with most ebusinesses is they don't really take a complete view of security, they tend to take a partial view on the assumption some event won't happen.
In terms of THIS event, it's not the case that CRC being compromised has any way to cause the leak of peoples PP accounts, which was the point of the thread.0 -
I thought the point of the thread was to ascertain whether or not CRC has been hacked.Atz wrote:In terms of THIS event, it's not the case that CRC being compromised has any way to cause the leak of peoples PP accounts, which was the point of the thread.
Hacking Paypal would be theoretically easy. create a copycat website, and force a redirection to it, or use a very similar name.
Once people are on it, record their usernames and passwords etc.
BOOM, bob's your uncle. You can now use their details to buy things with paypal.0 -
No... that is not doing anything to paypal. That's phishing. They're two different things.
The CRC attack is not likely to be phishing because people have actually bought things from CRC.0 -
If you can redirect people from paypal to a dodgy site, it requires some clever hacking.
Or if someone was to just hack the site.
At least with Visa, you have the thing that asks you for 3 random letters of your account password, without knowing them, you can't buy things online. Well, you can, but it makes it far far more difficult, since that information is never fully revealed in one transaction.0 -
yeehaamcgee wrote:If you can redirect people from paypal to a dodgy site, it requires some clever hacking.
Or if someone was to just hack the site.
Websites like Paypal will have a valid SSL certificate. When you navigate to Paypal, your browser will check this. If you receive a warning that the certificate is invalid, or it doesn't have one leave well alone.0 -
Crc has an SSL certificate too.
Seriously, why the fanboi behaviour about PayPal?0 -
yeehaamcgee wrote:Crc has an SSL certificate too.
Seriously, why the fanboi behaviour about PayPal?
I'm pointing out that fake phishing sites will not have a valid SSL certificate. It has nothing to do with Paypal or CRC for that matter.0 -
Why phishing? A redirect could be planted on their site.
You know what though, I give up. I now acknowledge that PayPal and it's servers and websites are the only known completely 100% secure, unhackable pieces of digital paraphenalia in existence.
Happy now?0 -
More pointing out that, you know, you're wrong again
0 -
yeehaamcgee wrote:Why phishing? A redirect could be planted on their site.
You know what though, I give up. I now acknowledge that PayPal and it's servers and websites are the only known completely 100% secure, unhackable pieces of digital paraphenalia in existence.
Happy now?
Chill dude, we all know that no internet payment system is 100% secure, its about minimising risk. I believe you mentioned a redirect to a 'dodgy site' on the previous page. A redirect from Paypal will still not display a valid SSL certificate, your browser should warn you of this.0 -
Epic, epic facepalm.0
-
yeehaamcgee wrote:Epic, epic facepalm.
Why not explain? I can engage in polite conversation, can you? 0 -
That's the facepalm of me just giving up.jimexbox wrote:yeehaamcgee wrote:Epic, epic facepalm.
Why not explain? I can engage in polite conversation, can you?
My whole, and only point is that NO system is secure. You seem to lack any shred of capability to accept that.0 -
yeehaamcgee wrote:.
My whole, and only point is that NO system is secure. You seem to lack any shred of capability to accept that.
Do you actually bother reading other replies? I've already posted that no online payment system can be 100% secure.
It was you that suggested that a redirect to a fake paypal site or one with a very similar name could be used to dupe unsuspecting users. I've pointed out the security measures that are already in place that are designed to authenticate that the hosts server is actually owned or used by the website in question, and strong encryption is used to transfer data over the internet.
Do you not accept this, or would just prefer to insult other forum members?0 -
So a hack that takes the input from a site, and redirects it is impossible? Right.
There's been a lot of posts on here suggesting that Paypal is the be all and end all of security. It's not. Any system is fallible.
Yet you keep arguing "nah nah nah nah nah, it's as safe as houses".
Telling people that it will always be safe is dangerous.0 -
What's being said is Paypal is inherently more secure than most others because they can afford a very robust multi layered security approach backed up with skilled personnel. You'll not directly hack into any paypal accounts database long enough before setting alarm bells off, being detected and thwarted and that's assuming you get anywhere near one at all, and assuming you can decrypt it this side of the next 300 years.
It could be possible to breach their security, anything is possible given time and resources, but if you think about the resources at the disposal of global organised crime syndicates that try their luck and every other lucky chancer out there, that they have contend with on a daily basis. You'd have to be pretty exceptional, lucky or on the inside to do damage.
But none of this changes the fact that no one here knows what the exact situation is with CRC and it's website.0 -
You realise that a company contracted for government hacking counter measures was hacked into last month, right? That company specialised in CIA, NSA and other government security platforms, but a bunch of random hackers made them look like a bunch of complete dickwads.
They even gained root access to one of their servers by getting a teenage girl to pretend to be one of the employees who'd forgotten her root password.
Now if that's a defence contractor, do you REALLY have faith that Paypal is as secure as you claim?
THAT is my concern, that you're giving people a false sense of security.0 -
blister pus wrote:But none of this changes the fact that no one here knows what the exact situation is with CRC and it's website.
I don't think it's the site as my card got hit on Tuesday after they refunded back onto my card for something I bought about 3 weeks earlier.0 -
i'm saying paypal security pisses on the vast majority of alphabet soup agencies security and it's the agencies who took a long hard look at the approach paypal take. The only stuff within a government / military that's properly secure is the stuff that never sees the light of day anyway, like i said in another post.0
-
I know you're saying that, but what the hell are you basing it on?blister pus wrote:i'm saying paypal security pisses on the vast majority of alphabet soup agencies security0 -
basing that on the developers who did the firewalls and the lousy state of government / military cyber security in general. Gary McKinnon's case being a current example. agencies started looking at what the big boys in industry were doing a long time ago. Google and the NSA have lived in each others pockets for a while now.0
-
So you are absolutely certain that Paypal's security is the best on the planet?0
-
No, I'm saying it's one of the best in industry doing that particular job. Stop looking for absolutes in this thread, there are none, we've already established that. apart from secure high tech military intelligence comms facilities buried deep beneath places like pine gap, and they're secure for lots of different reasons.0
-
Again, I see no real proof of this. All I see is a lot of people trying to spread stories that nothing is as secure as paypal, when in fact we should always be on our guard.blister pus wrote:No, I'm saying it's one of the best in industry doing that particular job.0 -
yeh well. your inability to read and comprehend has already been established further up.0
-
Bollocks has it. There's still people (like you) claiming that we'll all be fine using paypal. There's no guarantee.blister pus wrote:yeh well. your inability to read and comprehend has already been established further up.0
