Printable View
Hello All,
Is it possible that an enemy could hack a large commercial site where I have an online shop and compromise my email and shopping cart, so that I might be getting traffic and never know about it? I called cust serv of this business (cafepress) and was told that tampering with the site is impossible since it rests on their secure server. Is this so?
Thanks.
buahahhahahahahhahahhahahha no, unless there server is not connected to a network that is conected to the internet, then there is some risk. It would also have to be burried somewhere very deep that way no one has physical access to it either. Chances are you spoke to someone that si just trying to reassure you that everything is ok, when in fact it is possible to do what you are asking. It may be harder for large companies that take the time and money to secure there stuff, but it is far from impossible.
All members will say yes to that question. Now as far as:Quote:
Is it possible that an enemy could hack a large commercial site where I have an online shop and compromise my email and shopping cart, so that I might be getting traffic and never know about it?
Thanks.Quote:
called cust serv of this business (cafepress) and was told that tampering with the site is impossible since it rests on their secure server. Is this so?
No its no so. The person you were speaking with told you what you wanted to hear, or just to get you off the phone either way the person should have not told you that. Sorry for the in-correct information.
Listener:
Simply put, there is no such thing as security where computer are concerned when they are connected to the internet. It's very easy to give yourself the illusion of security but it is just that, an illusion. This company is suffering from the illusion of security I'm afraid.
However, rather than just alarm you, I will expand a little.... ;)
The "art" of security is the balance between effort and reward. In other words, can I make an attacker expend more effort than the reward is worth to him. Added into the equation, is risk. Risk on the part of the attacker. My job is to make it sufficiently difficult for him to gain entry that it becomes apparent that I am also looking for traces of his tiptoeing through my defenses. If I can show him that I take security seriously, (with properly set up firewalls, up to date patches, warnings about illegal activity, etc. etc. etc.), then he has to conclude that the risk of getting caught is high. Then it's his choice.... Does he think the potential reward gained from a successful intrusion and egress without detection exceed the risk of getting caught and not only not getting the reward but also having to deal with the punishment.
The level of security a company requires is dependent upon the risk assessment they do on their own business. The risk assessment determines the "cost" to the business of a successful intrusion, (whether it is detected or not). In the case of the business you are involved with the probability is high that they take security seriously and have employees that are skilled in the "art" of security. I say that because the reputation of the business _is_ it's bottom line.... If the reputation goes bad they will have no customers, with no customers they have only expense and no income... which means they lose their shirts.... Which they don't want to do.
As to being told that "tampering is impossible".... That's a standard "company line" to the customers.... The person telling you that knows no more about computer security then you do.... But that's what he's been told. Where you to ask what _exact_ measures the company takes to protect your data you will get the standard "We do not divulge the security systems we have in place because....." answer..... It's what you'd get from me too..... ;)
Listener, also remember, their server maybe completely impenetrable (bear with me here) but a simple email from their Database Admins saying they have lost your records, and could you send them your username and password, or credit card information etc etcQuote:
Originally posted here by listener
Hello All,
Is it possible that an enemy could hack a large commercial site where I have an online shop and compromise my email and shopping cart, so that I might be getting traffic and never know about it? I called cust serv of this business (cafepress) and was told that tampering with the site is impossible since it rests on their secure server. Is this so?
Thanks.
There a just too many methods of attack to be completely prepared. But as a website dealing with money, they are going to be alot more secure than your best mates phpNuke/BB site running with all defaults...
Be reliant on the fact they are offering you a service, and will have to (as an internet company) follow certain rules to protect themselves aswell as their clients best interests.
Be Alert No Alarmed (stupid aussie anti terrorism quote, fits well though)
This pretty much sums it up:
-ch4rQuote:
The only system which is truly secure is one which is switched off
and unplugged, locked in a titanium lined safe, buried in a concrete
bunker, and is surrounded by nerve gas and very highly paid armed
guards. Even then I wouldn't stake my life on it.
well i ve heard that there was this company which was hacxked by some hacker and he stole all the transactin numbers and started to black mail the company that if they did not pay him a a hefty amount he would post all the credit card numbers on the net ,
of course that was a along time ago and the hacker was also caught and put behinde bars