CNBC shows how not to handle a security screwup

Sometimes the best lessons happen in public and are based on our mistakes. Take a look at the series of errors taken by CNBC related to collecting passwords from their online readers. The commentary is a bit wild, but I think the passion shows the level of expectation sought for such a reputable business.

When someone entered a password into the text box and hit the button, a lot more was going on than a test. The password was being sent over the site’s http (unencrypted) connection to CNBC’s third-party partners, such as ScorecardResearch and SecurePubAds (DoubleClick).

After posting the findings on Twitter, a researcher who works on Let’s Encrypt (free, easy https for websites) joined the dogpile. He added that — inexplicably — CNBC was also saving the passwords to a Google Docs spreadsheet when the user hit “submit.”

Source: CNBC shows how not to handle a security screwup

Advertisements

2 responses to “CNBC shows how not to handle a security screwup

  1. My partner and I absolutely love your blog and find the majority of your post’s to be just what I’m looking for.nDoes one offer guest writers to Click https://twitter.com/moooker1

  2. Valuable writing . I loved the info – Does someone know where my company could obtain a sample USPS PS 991 document to fill in ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s