12/11/2014

#rexmundi the dataleak with tobasco.be came from here - so STUPID STUPID STUPID

when you have to make your online account with tobasco to be able to compete for a job, than you have to fill in a form without any SSL protection as we have seen in the previous post

well it gets even better and that is because it is STUPID STUPID STUPID

instead of just asking for your emailaddres and another identifier you have to fill in all your personal details ONLINE without any SSL protection instead of making your profile once you have logged in - without any ssl protection

and instead of emptying the database each time somebody had made his or her account so that the data goes behind the 'closed extranet' it stays public and online (it is a good practice to empty your online public data from your database and migrate it every x hours to a private protected database so that the impact during a breach will be very minimal)

and this is only part of the data of the form

Permalink | |  Print |  Facebook | | | | Pin it! |

The comments are closed.