For anyone to sniff these packets off of the Internet (which has never been proven to have happened with criminal intent or results), the person would need access to a T1 line and a number of computers. They could only look for packets going to specific sites, and a tiny site like ours is not likely to be targeted. The person would have to make changes to the router that connects them to a backbone, something the backbone provider is likely to discover. Normally only the packets addressed to their IP block would go through their router. Every packet of data on the Internet takes the best route to its destination. The packets are not echoed all over the Internet. Every router on the Internet has a routing table that directs every packet over the most efficient route.
They could also only sniff packets of data that were on the backbone they used and that passed the point of the backbone they were connected to. There are many Internet backbone operators, so a hacker (or cracker) being on a segment our traffic passes is unlikely at best. Anyone with the skills and wherewithal to do this would be able to make a lot more money legally.
Once you complete the form and submit it, the entire form is emailed. In our case, the web server and the email server receiving the form are on our private internal network behind a firewall, so the packets never leave our network.
The cases of credit card numbers being stolen are all inside jobs by employees. Here, only the CEO has access to credit card and checking numbers. There have been a couple of cases where databases of credit card numbers were hacked. Our credit card and check orders are not stored on a computer that is accessible from the Internet, which was the case with those that were hacked. It is much less safe to give your credit card to some underpaid retail clerk or waitress. In a few cases, bogus software has been distributed that was programmed to send its creator credit card and other information from users' personal computers. These things, like virus programs and trojans, are an entirely separate issue having nothing to do with the security of online forms or web sites.
Address verification is run on all credit card orders which eliminates most fraudulent attempts. Even if a credit card number with expiration date or checking account number is stolen, the customer is never held liable or responsible in the case of Internet orders. The customer never gets burned, nor do the credit card companies. Credit card companies bitch about internet credit card fraud, but in reality, they usually don't lose the money, the merchant does. In every case, the merchant gets burned. Retail merchants who actually have the card and run it and get a signature are protected. Internet merchants never have a signature, so they get burned every time.
In all the years we have been in business, including the two years we operated a nationwide dialup ISP, all the fraudulent credit card charges were due to people stealing numbers in a retail or similar environment where the card was physically presented, or were done by roommates, lovers, or former associates of one type or another who once had access to the person's credit card, or, in rare cases, happened where the credit card was lost or stolen. But few people would bother signing up for Internet access or buying products on a site that have to be shipped to a street address with a card that they actually physically possessed and could use to purchase merchandise.
There are hundreds of shopping mall sites. Hundreds of sites allow merchants to open online stores. These sites use SSL secure pages, but this is usually a poor joke on the customer. The SSL protects what you are typing into the form on the site, which is the hardest thing to intercept to begin with. Then the site sends the order form to the merchant in plain text as an email message, which is much easier to intercept if someone really wanted to, plus it has all the information packed together in a small number of data packets. This is totally insecure, but nobody needs to go to that much trouble to steal credit card information and the companies know it. Secure pages are a security blanket for the nervous customer and the digital certificates and other parts of it are just more ways for security businesses to make money.
It is much easier to get forms from a retail merchant or carbons out of a trash can. The credit card information itself is only good for online and phone orders. Anyone shipping merchandise is likely to do address verification and not ship the merchandise anyway. Credit card fraud operations want to have the signature with the card info to make up actual duplicate credit cards that can be used at retail establishments where they can walk away with expensive merchandise.
The fact is Mastercard and Visa are both completely out to lunch. They are convinced that pincodes/security codes on the back of a credit card will completely eliminate fraud. They are so convinced they have it all figured out that they have eliminated all other means for an Internet merchant to deal with fraudulent credit card use. This is one of the reasons that this site uses iBill for billing, because iBill keeps a database to help protect merchants from credit card fraud. For the customer, this is a good reason why you should sign up only at sites that provide full contact and identity information, such as Gayadult.com.
www.glinn.com/gaybuttons/ Copyright © 2006 by GLINN Corporation