Saved from Visa

I’ve written before about the Fraudster’s Friend misleadingly named “Verified by Visa”.  Most directly in my post Phished by Visa, though Bullied by Visa perhaps also deserves a mention.

Today I went to place an order with Argos, who I’ve used several times before and who have always – in contrast to some of their competitors – delivered very efficiently.  This time alas the shopping process has become significantly more hassle, and they’ve introduce the VBV cuckoo into the process.  But I was pleased to note that, when I came to the VBV attack, Firefox flagged it up as precisely what it is: an XSS attack, and in the context of secure data (as in creditcard numbers) a serious security issue.

I hope Firefox does that by default, rather than just with my settings.  Though it would be courageous, to take the blame from the unwashed masses who might think VBV serves their interests when it doesn’t work.  Doing the Right Thing against an enemy with ignorance on its side has a very bad history in web browsers, as Microsoft in the late 1990s killed off the opposition by exposing their users to a whole family of “viruses” in a move designed to make correct behaviour a loser in the market (specifically, violation of MIME standards documented since 1992 as security-critical).

Alas, while Firefox saved me from the evil phishing attack, the combination of that and other Argos website trouble pushed me to a thoroughly insecure and less than convenient medium: the telephone.  Bah, Humbug.

Posted on February 27, 2015, in security, web. Bookmark the permalink. Leave a comment.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: