Sunday, February 19, 2006

Birthright Israel: Bad/Insecure website design

I started to fill out the online Birthright Israel application (here), and noticed something very strange. It asks for my name, email address, a password, birthdate, and the last four digits of my social security number. What's wrong with that? All of it gets transmitted over the Internet as clear text! Anyone snooping Internet traffic between my computer and theirs could, in theory, grab and store all of that information. Presumably, the rest of the application asks for other personally identifiable information (like my address). The snooping man in the middle gets just enough information to begin a process of identity theft. Security problems like these were resolved years ago through the use of secure encrypted HTTP connections. Why the sloppy and potentially dangerous application? I asked Birthright. Let's see if they answer.
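A defender-side check for the problem described above, added here as an example and not part of the original post: it parses a page's HTML and reports any form that would send password or personal-data fields without TLS. The host `apply.example.org`, the sample markup and the field-name hints are constructed assumptions, not taken from the real application form.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Constructed name hints for the fields the post lists; not from the real form.
SENSITIVE_HINTS = ("pass", "ssn", "social", "birth", "dob", "email")

# Constructed sample page (hypothetical markup, not the real application form).
SAMPLE = """<form action="/apply" method="post">
  <input name="first_name"><input name="email">
  <input type="password" name="pw"><input name="birthdate">
  <input name="ssn_last4"></form>"""

class FormAudit(HTMLParser):
    """Collect each <form> with its action and the sensitive inputs inside it."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._current = {"action": a.get("action", ""), "fields": []}
            self.forms.append(self._current)
        elif tag == "input" and self._current is not None:
            name = a.get("name", "").lower()
            if a.get("type", "").lower() == "password" or any(h in name for h in SENSITIVE_HINTS):
                self._current["fields"].append(name or "(unnamed)")

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def cleartext_forms(page_url, html):
    """Return (target_url, fields) for forms exposing sensitive fields without TLS."""
    parser = FormAudit()
    parser.feed(html)
    parser.close()
    # A page fetched over http can be altered in transit, so its forms are
    # exposed even when the action itself points at https.
    page_insecure = urlparse(page_url).scheme != "https"
    findings = []
    for form in parser.forms:
        # An empty or relative action inherits the scheme of the page.
        target = urljoin(page_url, form["action"])
        if form["fields"] and (page_insecure or urlparse(target).scheme != "https"):
            findings.append((target, form["fields"]))
    return findings

if __name__ == "__main__":
    print(cleartext_forms("http://apply.example.org/start", SAMPLE))
```

The same markup served from an `https://` page with a relative action produces no findings, which is the fix the post asks for.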

