Archive

Archive for July, 2007

Dear Walmart: Your Online Security Blows

July 27th, 2007 30 comments

Gather around kids, this is gonna be a fun one. I might even get sued, finally. Yay!!1

Recently, on some random news station, I heard about Walmart’s new “Money Card” which is nothing more than a prepaid Visa card. Just like any other such card, it has a website where you can check your balance, add funds to your account, etc. Alternatively, you can have your account information stolen, be exposed to hardcore XXX porn, or line the pockets of a bottom-feeding douche bag while trying to reach the site. Why? Because Walmart, just like most companies, is nothing short of retarded when it comes to internet security and protecting their brand in the online world.

Walmart Money Card

But, but, but… Their site says that it’s secure. It even has a nifty little seal on it from Thawte verifying that it’s protected by RC4 128-bit encryption.

Thawte Seal Yeah, so what? I said that all those evil evil bad bad things could happen to a person while trying to reach the site. I never said that they’d actually make it there. Your good ol’ Uncle Buck or Aunt Charlene who’s not too savvy on that there interweb, but falls perfectly into the demographic of folks who would have a Wally World prepaid money card, is likely to mistype the web address. That’s why any security-minded company who wants to protect their customers and brand’s image would / should at the very least register all of the most common typo domains when setting up shop on a new domain – especially if it’s a financial kinda deal. In Walmart’s infinite wisdom, they did no such thing.

After hearing about this new Walmart card and the accompanying website, I checked to see if they had registered and were forwarding over traffic from one of the most common typos: the full web address prefixed with a “www”. Typing out “www” and then forgetting or simply missing the dot afterwards is commonplace among eTards and fast typers. Sure enough, wwwwalmartmoneycard.com was wide open. So, I registered it. Just for good measure, I went ahead and registered almartmoneycard.com today too. Missing the first letter of a domain is also pretty common. Luckily for Wally World, I snagged those domains with the sole intent of using them as an example for this blog entry. This could have played out much differently…

Read more…

Categories: General Tags:

MySpace inadvertently flagging accounts as phished

July 2nd, 2007 49 comments

The latest fiasco to rip though MySpace Land screams what everyone already knows: incompetence is the only strong suit of the crew over there. Hopefully, Tom and Chris will get kicked to the curb in October and Rube will completely clean house over there. If not, I guess I’ll see all you on Facebook in the coming months.

Anyhoo… When I was on MySpace a bit ago, I tried to reply to a message. Instead of getting the message sent I was greeted with a cute little “your message did not pass the spam filter” response. When I tried to resend the message I was told that my account had been phished. lolz

MySpace Phished

Their phished account flagging system has always been a bit glitchy, so I wasn’t surprised. When I went to change my password through the link provided to unlock my account I was greeted with the below:

MySpace Phished

^^^ Do you see the problem? The fucking captcha image is broken. Hitting refresh several times didn’t help things, so I logged into MySpace via Internet Explorer instead of FireFox thinking that it might be a we is be retarded and no know how make websites work in multiple browsers properly issue. Well, that didn’t help either.

Read more…

Categories: MySpace Tags: