Comments on: Who the fuck is yaron shohat and why does he want my social security number http://paddymullen.com/2009/05/21/yaron-shohat/ The flypaper of my mind Sat, 4 Feb 2012 17:25:42 -0500 hourly 1 http://wordpress.org/?v=3.0.6 By: Ted http://paddymullen.com/2009/05/21/yaron-shohat/#comment-2140 Ted Sun, 12 Dec 2010 23:09:02 +0000 http://paddymullen.com/?p=77#comment-2140 It is legit. That's the terribly sad part. I went through the bank's Verified by Visa links and it takes me exactly to the same site. Worst is that the text on the securesuite.net FAQ says, "to administer your account, login to the xxx bank's site", which ironically, redirects to a subdirectory at securesuite.net It is legit. That’s the terribly sad part. I went through the bank’s Verified by Visa links and it takes me exactly to the same site. Worst is that the text on the securesuite.net FAQ says, “to administer your account, login to the xxx bank’s site”, which ironically, redirects to a subdirectory at securesuite.net

]]> By: Joe http://paddymullen.com/2009/05/21/yaron-shohat/#comment-2115 Joe Tue, 14 Sep 2010 01:32:18 +0000 http://paddymullen.com/?p=77#comment-2115 Same experience. My issue is that the URL for securesuite.net includes the string, opt_in_dispatcher . And the fact that I cannot just proceed without opt-in. That makes this site questionable, whether or not it's administered by a "legit" organization. Same experience. My issue is that the URL for securesuite.net includes the string, opt_in_dispatcher . And the fact that I cannot just proceed without opt-in. That makes this site questionable, whether or not it’s administered by a “legit” organization.

]]> By: jack wong http://paddymullen.com/2009/05/21/yaron-shohat/#comment-2104 jack wong Sat, 19 Jun 2010 22:51:12 +0000 http://paddymullen.com/?p=77#comment-2104 I just tried to buy a few dollars worth of credit on Skype.com and a similar thing happened when I tried using my CapitalOne credit card. I noticed that securesuite.net was in the address bar and not Skype......hmmmm... This is really sucky and piss poor from a security point of view for credit card companies to be playing around with crap like this!! I just tried to buy a few dollars worth of credit on Skype.com and a similar thing happened when I tried using my CapitalOne credit card. I noticed that securesuite.net was in the address bar and not Skype……hmmmm…

This is really sucky and piss poor from a security point of view for credit card companies to be playing around with crap like this!!

]]> By: annoyed by securesuite.net http://paddymullen.com/2009/05/21/yaron-shohat/#comment-2089 annoyed by securesuite.net Mon, 01 Mar 2010 02:59:25 +0000 http://paddymullen.com/?p=77#comment-2089 I can't believe that JetBlue does that. That was truly a horrid online experience. I was convinced that it was a phishing scam. Why the hell are they asking for SS digits? I can’t believe that JetBlue does that.
That was truly a horrid online experience.
I was convinced that it was a phishing scam.
Why the hell are they asking for SS digits?

]]> By: Eric Baird http://paddymullen.com/2009/05/21/yaron-shohat/#comment-2063 Eric Baird Fri, 25 Dec 2009 20:32:24 +0000 http://paddymullen.com/?p=77#comment-2063 Yep, there seem to be people running critical stuff at Visa who appear to know nothing about internet security. We're told never to enter our card details into an unknown popup window, and then Visa's securty system asks us to do exactly that. We're told that if we're dealing with a reputable financial company, they'll NEVER suddenly switch us to an unfamiliar domain name mid-way through a transaction. And that's exactly what Visa does. Who the hell are securesuite? Never heard of them. Why isn't the Domain explicitly a Visa site? That'd at least give us the comfort of knowing that if the domain was fraudulently labelled, that the owners were probably comitting an offence somehow. But if you enter your card details into a completely unknown domain whose name doesn't hook up to anything you've ever heard of, and it goes wrong, then that's negligence on your part. We're told that any user who'd do this is behaving irresponsibly. But they still ask us to do it. And it gets even worse. One of the giveaway signs of a phishing site is that their domain is one letter away from that of another "respectable" domain (say, micrcsoft.com). "Securesuite" sounds like a one-letter spin on "securesite", so the name immediately sets alarm bells ringing. So who the hell at Visa doesn't know these things? And what the hell are they doing being allowed to set up redirects and javascript stuff on a Visa security site? Yep, there seem to be people running critical stuff at Visa who appear to know nothing about internet security.

We’re told never to enter our card details into an unknown popup window, and then Visa’s securty system asks us to do exactly that. We’re told that if we’re dealing with a reputable financial company, they’ll NEVER suddenly switch us to an unfamiliar domain name mid-way through a transaction. And that’s exactly what Visa does. Who the hell are securesuite? Never heard of them. Why isn’t the Domain explicitly a Visa site? That’d at least give us the comfort of knowing that if the domain was fraudulently labelled, that the owners were probably comitting an offence somehow. But if you enter your card details into a completely unknown domain whose name doesn’t hook up to anything you’ve ever heard of, and it goes wrong, then that’s negligence on your part. We’re told that any user who’d do this is behaving irresponsibly. But they still ask us to do it.

And it gets even worse.
One of the giveaway signs of a phishing site is that their domain is one letter away from that of another “respectable” domain (say, micrcsoft.com). “Securesuite” sounds like a one-letter spin on “securesite”, so the name immediately sets alarm bells ringing.

So who the hell at Visa doesn’t know these things? And what the hell are they doing being allowed to set up redirects and javascript stuff on a Visa security site?

]]>