Scarborough Building Society pulls insecure 'print' form
Scarborough Building Society has pulled an insecure form from its site after it emerged that sensitive information was sent over an unencrypted connection. An online application form for various types of savings accounts invited prospective investors to fill in various categories of sensitive personal information before printing …
"We have experienced a technical issue"
It's not a technical issue, it's incompetence.
AJAX?
I bet it was an AJAX based form, and I bet it was created using some mickeysoft (s)tool.
I mean, come on... to resolve it you don't need to remove the whole form, you need to either: make it send it's requests to a secure server; or remove the validation system for now (replacing with javascript if appropriate as time allows).
Oh well, another one bites the dust!
Sign up, sign up for The Register's weekly IT security newsletter - click here
Popular Whitepapers
- The BI Inflexion Point
Information is a right, not a privilege - Risk and Resilience
The application availability gamble - Register Research on: Agile development - is it right for you
Reaping the benefits of modern software practice - The Register Guide to managing spam
A primer on the implications for enterprise IT - The Register Guide to email security
A primer on the challenges of securing email and approaches to resolving them - High Performance for All
Responding to the needs of compute-intensive workloads
