Vocal Voices

[Workingman]

I am surprised at how many people are so blase about their data.

But I am not going to preach, They only have your name, address, phone number, email, bank details, PIN(s) if you use more than one card, as well as your buying habits. and they make shed loads of money selling and buying your info with other retailers, not just supermarkets. Who cares; what could possibly go wrong?

And the stuff I buy tends to be very similar pricing in most of the shops so may as well get the nectar points whilst I can - I use them for my Christmas food shop.

Bazoomba, the truth is told! The loyalty card price is more like the "normal" price in other shops, i.e. the card prices are fake - also 1 point per £1 spent - get a 'free' coffee at Nero by only spending £400, £500 gets you a £2.50 chicken and £3000 will save you 50p to top up with 10ltr at ESSO. Wow!

Details,

[miasmum]

I have loyalty cards everywhere, I like my points I treat myself.

Interestingly most of the sites I use are secure the only one that is not secure is this one.

So I try to remember to change my log in frequently

[Workingman]

Whatever. See what I posted about points.

HTTPS only secures the connection between the server and your browser, it does not control what the website you are visiting then does with your data. That's up to them.

Research.

[Kaz]

This, from Mick

I understand that someone has raised a concern over the site security

There is no access to anyones passwords, they are encrypted on the database.

There is no personal data stroked on the server

The server is maintained to the latest security patches by the service provider

The insecure message is due to us not using certificates to encrypt the data in transit between the browser and the webserver.

The credentials are passed as post data hidden inside the login request, subsequently the login status is passed to the server as a obscurated session cookie. The user name and password are not passed.

The only way to observe any data is for a man in the middle device such as a proxy, which is unlikely in a non corporate environment.

The most likely attack vector is for the browser to be subject to a keylogger installed by some Trojan horse malware.

Given the nature of this site there is no real need to encrypt the transit data. It would not be worth the effort of harvesting data in transit

In other words, you’re quite safe.

[miasmum]

Hi Mick

I wasnt concerned, things like this don't concern me. I change my password often as that is what was suggested I do, by my other half.

I am probably one of the least paranoid people around so please don't feel you had to reassure me, but thank you for doing so and I will show my husband your comments as he does worry more.

Meanwhile I will go back to my online shopping and deciding what I will buy next with my accrued Morrisons points.

[Workingman]

Kaz. I get all that and agree with Mick - VV is a message board. fcol.

Commercial sites, such as supermarkets, mining your data and selling / buying it on the net are a different animal.

But it people want to play, hey, go for it. Don't bitch if you ever get scammed or played, OK? I will have no sympathy.

[saundra]

The only thing I really worry about is this. trend towards going cashless if the internet
gets down what happens

[Workingman]

The only thing I really worry about is this. trend towards going cashless if the internet
gets down what happens

You're screwed. Always, always, have some cash.

[Suff]

Saw you had it pretty locked down Mick. Also agree that there is no real need for a registered certificate and to do encryption in transit. In fact none of the public data needs to be encrypted at rest either. Nor most of the private stuff.

The cert warning is an irritant mainly but needed to allow the security of the password. For me it's a bit more annoying as Kaspersky also stick's it's oar in. I have to approve it 4 times from time to time.

[Kaz]

Thanks Suff.