SSL issues - selling on borrowed/rented security

From: AgfTech Lists (lists_at_agftech.com)
Date: 03/04/04

    To: security-basics@securityfocus.com
    Date: 04 Mar 2004 16:49:52 -0600
    
    

    Hello all

    I am starting to conduct research on the following:

    There are vendors leasing out shopping carts and SSL to their customers
    who want to do e-commerce and attract them by providing a bundle package
    of templates, shopping cart and SSL.

    I would be apprehensive, as other Internet Security aware people, to buy
    from a site that does not have their own SSL. Simply because the
    authenticity of the company is not proven. Maybe the shopping cart
    people do some checks, but I know most of them don't.

    Moreover, is this lawfully permissible? Maybe not the best thing to ask
    otherwise so many people would not have been doing it. But is it right
    to do so and is it not a security concern?

    I have experienced sales go up with some sites because now they moved
    from a rented shopping cart/SSL to their own. Is there any research that
    has been done in the past on something like this?

    I would appreciate all your views.
    Regards
    Aman

    ______________________
    Aman Raheja
    AGF Technologies
    http://www.agftech.com
    ______________________
