Remember Unsecured Websites?

I have highlighted in my previous posts on how unsecured GSC and Astro websites are when it comes to maintaining personal information on the net.

GSC came back to me after I wrote to them on the issue and I was not surprised on the polite but “I tak kisah lah” (I don’t give a damn) type of answer that I got:-

Thank you for your patience in waiting for our reply regarding your concern. Let us explain to you that it is normal practice for personal information of financial and security nature to have the security layer you were referring to, but not for non-financially related personal profile information, e.g. GSC’s website member registration.

This can be seen for all cases of web based mails (my note: ya, right! see here for one wrong example) and membership systems, as it impacts on usage performance. You may be interested to know that for our online ticket purchase (E-payment) segment , the entire flow is on a separate SSL (HTTPS) based server as sensitive financial information like credit card numbers are keyed in.

Ok, perhaps someone did not understand my point. So, I elaborated further:-

Thank you very much for your quick response.

I am aware that it is non-financial related information and it may impact the server’s performance but it will not impact much (and hardware can always be upgraded). My reason for concern is that personal information is often used for ID Theft cases. Web based mail and membership system may require personal information to be submitted over unsecured line but most do not require very detailed information.

You may refer your website consultant to the following URLs for further information on ID Theft here and here.

Making your webpages (especially those requesting for NRIC) more secure will assist your organisation in better management of your member’s database security. I am sorry but I am not convinced on the level of security for me to indulge detailed personal information over unsecured line. Thank you again for your quick response and I hope to see a better webpage security in the future.

I though all hope was lost until I stumbled on this webpage over at Reader’s Digest. Yes, it asked for personal information but it was not too detailed to have everything under the sun and the best part, it was in a secured page. Now, here is someone who knows what is going on out there.

Perhaps some amateur webmasters need to go back to school. Their ignorance baffles me!

Advertisements

5 thoughts on “Remember Unsecured Websites?

  1. The “tidak-apa” attitude was also thrown at me once, by a prominent Malaysian company’s website (no names la, ok?). After enquiring why didn’t they implement a higher security measure on their website (i.e. https), their answer was simply that they don’t expect hackers to waste time by stealing information (i.e. personal data) coz apparently hackers have very less use for Malaysian citizens’ data. WHAT THE FUCK??!!!! I guess they haven’t heard about identity theft, where a single IC number or even an e-mail address is enough for someone to assume ur identity over the Net.
    Maybe an American hacker wouldn’t have much use for a Malaysian’s identity (maybe, just maybe), but surely we have local hackers who would relish the chance of acquiring such information. Or are they implying that Malaysians don’t have enough expertise to do such work?
    Any excuse given by anyone regarding the lack of security implementations in the Net is surely oblivious to the gravity of the issue. Their actions scream ignorance and idiocracy. Unless we deny our tolerance for such ignorance, we may never have the protection we need.
    I totally agree with what Balajoe has to say: “Perhaps some amateur webmasters need to go back to school.”

    Like

  2. Kavilan – that’s so normal of Malaysian websites because they always think that there is no one going to hack. Maybe someone need to organise a contest for all hackers out there to hack as many Malaysian websites possible. Perhaps, just perhaps then some of the webmasters will wake up from their slumber sleep!

    Like

Please let us have your reply...

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s