Reply to post: Re: Even using third parties, there are issues

Shut the front door: Jewson 'fesses up to data breach

handleoclast

Re: Even using third parties, there are issues

Oh yeah. Big time.

Somewhere on Jewson's site is a link to the payment handler. Doesn't matter if it takes you to the payment handler's page decked out in Jewson finery, if it's an iFrame or some Web 2.0 thingummyjig. Somewhere there's a link. So if you hack into the Jewson site you can change that link and mount a MITM attack.

Which means you can't offload your security problems onto the third-party payment handler. You must ensure that your own site is secure. And periodically monitor that the link hasn't been tampered with (details left as an exercise for the reader, because a clever attacker will take steps to fool such monitoring, like detecting the IP address requests come from).
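One way to implement the periodic link check the comment describes, as an added example that is not part of the original comment: it parses a checkout page and reports every link, form target, iframe or script source that is not HTTPS or does not point at an expected host. The function name `audit_checkout_page`, the host names and the sample markup are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes that decide where the browser navigates or loads code from.
WATCHED = {"a": "href", "form": "action", "iframe": "src", "script": "src"}


class _TargetCollector(HTMLParser):
    def __init__(self):
        super().__init__()
        self.targets = []  # (tag, raw attribute value) in document order

    def handle_starttag(self, tag, attrs):
        attr = WATCHED.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            self.targets.append((tag, value.strip()))


def audit_checkout_page(html, page_url, allowed_hosts):
    """Return (tag, resolved_url, reason) for each target outside the allowlist."""
    collector = _TargetCollector()
    collector.feed(html)
    findings = []
    for tag, raw in collector.targets:
        url = urljoin(page_url, raw)  # resolve relative and scheme-relative links
        parts = urlsplit(url)
        if parts.scheme in ("mailto", "tel"):
            continue  # not a navigation to a payment page
        if parts.scheme != "https":
            findings.append((tag, url, "not https"))
        elif (parts.hostname or "").lower() not in allowed_hosts:
            findings.append((tag, url, "unexpected host"))
    return findings


# Constructed sample: a checkout page where two targets have been altered.
SAMPLE_PAGE = """
<a href="/basket">Basket</a>
<form action="https://pay.example-psp.test/checkout" method="post"></form>
<iframe src="https://collect.unknown-host.test/frame"></iframe>
<a href="http://pay.example-psp.test/checkout">Pay now</a>
"""
ALLOWED = {"shop.example.test", "pay.example-psp.test"}  # own site + payment handler
PAGE_URL = "https://shop.example.test/checkout"

if __name__ == "__main__":
    for finding in audit_checkout_page(SAMPLE_PAGE, PAGE_URL, ALLOWED):
        print(finding)
```

This inspects the static markup only, so a link rewritten by script at load time needs a rendered-page check, and the caveat in the comment about the monitor being served a different page than customers still applies.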
