[cobalt-security] RE: CreditCard - (laughing)



Use a PGP designed system... use 1/2 on the server 1/2 on the email type of cart.

I worked on a few sites using a bad commerce.cgi, agoracgi and even Miva script!

These people had Miva access logs and transactions as old as 2 years! 2 freaking years of credit card/logs!

We're talking about 50 transactions a day with credit cards, you do the math on how many transactions. I deleted 90% of them to speed up the cart and compact it daily/weekly.

They even had issues with duplicate unique keys that wouldn't compile. I am / was amazed at the lack of care, viruses, and such...

It is fairly easy to get in, bypass the "miva" admin login and once you are in... you've got everything, and I mean everything. It's scary... Being hosted on Win2k is making it even worse.

Interland is even stupider by getting hit with viruses, exposing directories and having more trouble tickets open than closed. Also having "domain.*/report" open so some of the domains had detailed WebTrends Enterprise reports for everyone to look at.. and I'm sure if you see them you can get a bit of information on them.

P.S. Interland is too busy acquiring/buying everyone out there and focusing less on themselves.
2nd P.S. I guess I couldn't wait for the new RAQ. I 'gots' me a SuperMicro - Super Server and I will run a 2.0 GIG MHZ and 1.5GIG RAM for under 1200$... Comes with all the dual Ethernet Intel Mobo, up to 3-4 gig of ram option... I will sure miss the ChilliSoft. This will be mainly for music broadcast and bandwidth eating apps ;)

--
Nicolae