[Chugalug] OT: Chattanooga Technology Council
cluon at geeklabs.com
Tue Aug 13 19:09:20 UTC 2013
On Tue, 13 Aug 2013, Stephen Haywood wrote:
> If any of you folks have contacts at the Chattanooga Technology Council
> you may want to let them know about a problem with their "join" page.
> Credit card forms should only be used on HTTPS pages.
I see it as: https://www.chattanoogatechnologycouncil.org/join/
Which is HTTPS
But I get warnings: "Connection Partially Encrypted"
The real issue is:
they are using "gravity forms" to collect credit card info,
I'll wager the "CC Info" you supply is stored in plain text or trivially
reversible encryption on the web server, and probably emailed to the Tech
Council in plain text so they can see it, and enter it manually in
someplace else. There is a small chance they are using Gravity Forms +
Stripe http://wordpress.org/plugins/gravity-forms-stripe/ properly.
I know you are only an "Average Security Guy", but do you really want to
put that info into a WordPress site hosted on a shared server at
inmotionhosting.com? It looks like they have a dedicated IP
but their IP address range is shared by spammers, publicly published
and I'll again wager they are a shared site, not an isolated virtual
Biggest crime: Not supporting a local(ish) technology company.
How could they possibly be the Chattanooga Technology Council,
located in "GigCity" and be putting their web host in Los Angeles?