United Poker Forum  

Server Time: 12/1/2008 2:41:58 PM PACIFIC  

Neteller's lack of interest on security, mongeron, 4. Oct 2003 03:56
Hello all,

For the last few weeks or so, I've been trying to get an answer from Neteller about their apparent lack of security on some parts of their site. I haven't received any answers to my questions, which I find quite troublesome. They did ask me to call them, which I won't do; I won't spend my money on solving their security issues.

So, this is the third E-Mail I sent to them:

Hello,

I sent an E-mail a few weeks ago asking why there are quite insufficient security practices concerning the debit card information. I haven't received ANY answer on this issue.

Just to remind you, if you accidentally did delete this mail:

The chat feature you are using (LivePerson) isn't encrypted. Anybody who has sufficient access to the Internet can eavesdrop on the traffic. Therefore private information cannot be submitted via it.

When I asked about my debit card balance, you told me to make an international call. This is totally unacceptable. Why is the information not available on the website? Well, after pointing this out to the support staff at LivePerson, it was told to me in the chat, which once again is INSECURE.

Then, when I asked for a listing of my debit card transactions, it was sent unencrypted via E-mail. Once again, anybody could take a look at my private information, provided he has access to the Internet. Why isn't this available online?

So, the questions, which need an answer:

1) Why is the LivePerson chat feature unencrypted?
2) When will there be a secure live support feature?
3) Why do you use the insecure E-mail instead of properly secured feedback in your Neteller web site?
4) Why is there no balance / transaction information available for the debit card at the web site?
5) When will the balance / transaction information for the debit card be available at the web site?

I would like to have some kind of answer to these questions by the end of the week. Otherwise I'll have to bring these issues out to the public, who can then decide if your service is what they want.

.....

This is the only reply I got from them:

Hello,

If you would like to call in at 1 888 258 5859 / 001 403 233 9466, security will be more than happy to answer your questions.

Thank-you
NETeller Support
Daniel

....

This behavior makes me think that Neteller isn't too concerned about the site security, nor too concerned about the privacy of their customer information.

Hope you find this information interesting.

- mongeron
 
Re: Neteller's lack of interest on security, hokie95, 4. Oct 2003 05:26
What's wrong with calling a 1-888 number? That's toll free, isn't it?

(But I agree they shouldn't be sending any info. over unencrypted lines.)

Related question for you tech guys: I was on UB last night and there was some guy using the handle "Dutch Boyd" threatening to hack into people's computers if they didn't send him money. I figured he was just an a$$. If you could do that, just do it and skip the additional blackmail charges if you're caught. My question, though, is: could someone detect enough information through UB to be able to get into my computer? What precautions can I/should I take?

I sent an email to UB customer service, we'll see if anything happens.
 
Re: Neteller's lack of interest on security, mongeron, 4. Oct 2003 12:23
on 4. Oct 2003 05:26 hokie95 wrote:
> What's wrong with calling a 1-888 number? That's toll free, isn't it?

It cannot be used from abroad.
 
Re: Neteller's lack of interest on security, kimmi690, 4. Oct 2003 15:50
Make sure you notify the support team at UB, they will take care of that guy and block his isp....the really reputable sites wouldn't risk a lawsuit over lack of security, they make too much money.

The guy is probably mentally challenged, don't sweat it...just notify the support team with his user name and tell them about the incident!

Kimmi :)
 
Re: Neteller's lack of interest on security, Boftx, 6. Oct 2003 12:02
on 4. Oct 2003 05:26 hokie95 wrote:
> Related question for you tech guys: I was on UB last night and there was some guy
> using the handle "Dutch Boyd" threatening to hack into people's computers if they
> didn't send him money. I figured he was just an a$$. If you could do that, just do
> it and skip the additional blackmail charges if you're caught. My question, though,
> is: could someone detect enough information through UB to be able to get into my
> computer? What precautions can I/should I take?
>
> I sent an email to UB customer service, we'll see if anything happens.

It is *trivial* to hack into an unprotected machine if you know the IP address for it. You should *always* be running a firewall of some kind, especially if you have cable or DSL. BlackIce and Norton are both very good and simple to configure. Windows NT, XP, and 2000 also have built-in firewall capabilities but are hard to work with by themselves.

Having said that, I have no reason to think that you can obtain the IP addresses of other players using UB software.
 
Re: Neteller's lack of interest on security, NCD, 13. Oct 2003 11:47
"there was some guy using the handle "Dutch Boyd" threatening to hack into people's computers if they didn't send him money"

I seriously doubt that he's a credible threat. Anyone who really is good enough to do it isn't going to tell you about it, they're just going to do it quietly. Anything is possible but remember all the money that's at stake in the online gaming industry, it's billions. Do you really think they haven't already created several teams of super-gurus to do nothing but make sure that no-one figures out an exploit before they can find it and patch it themselves? Why do you think the games keep getting new updated versions? It's not to change the graphics!

The real money is in being good enough to get on that team. I have a friend who does similar low-level computer security work for a major Swiss bank, the kind with numbered accounts. He works 3 days per week, 6 hours each day, and takes down almost a hundred grand for just that contract alone. Imagine if he was working 40+ hours?

NCD
 
Re: Neteller's lack of interest on security, hokie95, 13. Oct 2003 12:13
That's what I figured. What is the best possible way to protect a machine that is running on a cable modem? (Other than the obvious -- unplugging it from the wall.)

If someone wants the $200 I keep in my UB account at any given second, well, then I guess they can take that risk to go get it. But, for peace of mind, what type of security software do you guys run?
 
Re: Neteller's lack of interest on security, MozMan, 13. Oct 2003 21:27
Best thing to do is invest in a decent hardware firewall. If that seems too pricey for you, at least install a software firewall. You can download ZoneAlarm for free from http://www.zonelabs.com/ and be protected within five minutes while you look into the possibility of a hardware firewall.

-Moz

"There's too much caffeine in your bloodstream, and a lack of real spice in your life."
 
Re: Neteller's lack of interest on security, MozMan, 4. Oct 2003 07:09
hmm... I'm not sure how it works now, but when I installed LivePerson for a company about 3 or 4 years ago, it was using SSL with 128 bit encryption. Maybe LivePerson has changed that, but I don't see why they would.

-Moz

"The Queen is dead, boys, and it's so lonely on a limb."
 
Re: Neteller's lack of interest on security, mongeron, 4. Oct 2003 12:26
on 4. Oct 2003 07:09 MozMan wrote:
> hmm... I'm not sure how it works now, but when I installed LivePerson for a company
> about 3 or 4 years ago, it was using SSL with 128 bit encryption. Maybe LivePerson
> has changed that, but I don't see why they would.

When I check the security information on the chat screen, it shows that there is no encryption. Furthermore, the URL is just "http", so there is no SSL encryption present.
 
Copyright 2002, United Poker Forum  