Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Straighterline security holes - no SSL/TLS encryption?!?!
#11
The credit card portion is likely hosted by a third party which is subject to pci-dss security requirements. The risk you are facing is minimal so I wouldn't sweat it.
BSBA CIS from TESC, BA Natural Science/Math from TESC
MBA Applied Computer Science from NCU
Enrolled at NCU in the PhD Applied Computer Science
Reply
#12
I will only argue to say that they do store personal information, and for that they have a legal obligation to protect it. Luckily they don't store SSN and CC#'s because yes they do link to someone else for CC# or Paypal.

But it depends on their supplier link for PCI DSS compliance. If you chose paypal, sure they are level 1 compliance, but what if it's some cut rate company doing less than 1M transactions a year, then they only need to put ACL's to isolate the "pay" network from the rest of the systems. That's it for level 4, and level 3 not much tougher, both of which I have personally never once seen an audit for.

So I am going to stand my ground and say, they won't get any money from me until its SSL from login to logout, and as was mentioned its not that difficult, I was doing that stuff over 10 years ago when it wasn't so easy like today.
DSST- General Anthropology - 52, Intro to Computer - 469, Technical Writing - 54, DSST Ethics in America - 59 (1996),
CLEP- Sociology -54, College Math - 550(1996), CLEP Principles of Management - 60 (1996)
Aleks Beg Alg,
Reply
#13
PayPal is a customer of mine Wink
BSBA CIS from TESC, BA Natural Science/Math from TESC
MBA Applied Computer Science from NCU
Enrolled at NCU in the PhD Applied Computer Science
Reply
#14
I agree with you on this. This is ridiculous that my Full Name, Address, Phone number, school name, and DATE OF BIRTH, are transmitted and entered in absence of SSL and in plain text to the site. When I signed up for the site and paid, I never noticed, but going back in and trying to make a new account, I notice this as well. In today's environment every sign up page and sign in page should include SSL. The funny thing is, the site is even equipped to handle SSL. Try going to https://www.straighterline.com/site/create-account.cfm or https://www.straighterline.com/site/login.cfm . It will open in SSL. However by default it loads in standard http without encryption. Why would a company be so careless about their customers personal information?
Reply
#15
sorry to be argumentative. But going to https doesn't enable ssl if the server side doesn't support it.
I have attached a screenshot after going to the https, note the only links that https are to other sites, not SL.
quantserve.com
twitter.com
facebook.com
linkedin.com
and scanalert.com

even after logging, only these links stay https


NOTE: not sure why the image is so small, not sure if degreeforum use a fingernail type of option.. but i can PM the screenshot to anyone if they need to see it.


Attached Files
.jpg   Less than 1 minute ago">Screen shot 2012-02-05 at 9.19.01 PM.jpg (Size: 12.89 KB / Downloads: 0)
DSST- General Anthropology - 52, Intro to Computer - 469, Technical Writing - 54, DSST Ethics in America - 59 (1996),
CLEP- Sociology -54, College Math - 550(1996), CLEP Principles of Management - 60 (1996)
Aleks Beg Alg,
Reply
#16
Thank you everyone for posting your concerns. We are working on this issue but as you noted in a few posts above we don't store credit card or SSN on the site. Our shopping cart is SSL and all data submitted is protected. We will update everyone as soon as the "my account" pages have been updated with SSL. We hope to have this issue sorted out in the next few days.

Regarding the McAfee security - they test our site throughout the day for vulnerabilities (it is much more than just checking to see who is linking to our site as one user noted). If you see the seal on our site you are secure in transacting with our site. If the McAfee icon is not on the site they found a problem and alerted us.

Thanks again for pointing out the issues and we should have an update for you in the next few days.
Reply
#17
We are happy to report that all the login and my account pages are now HTTPS. If you find any pages you think should be HTTPS but are not let us know.

Thanks again for sharing your concerns and we hope our updates have confirmed for you our commitment to our students.
Good luck with your courses.
Reply
#18
Responded to your PM with some feedback.
DSST- General Anthropology - 52, Intro to Computer - 469, Technical Writing - 54, DSST Ethics in America - 59 (1996),
CLEP- Sociology -54, College Math - 550(1996), CLEP Principles of Management - 60 (1996)
Aleks Beg Alg,
Reply


Possibly Related Threads...
Thread Author Replies Views Last Post
  Spanish - Learning website security breach bjcheung77 1 1,388 12-24-2023, 01:15 AM
Last Post: Johann
  NYC college student gets 1yr prison sentence in Dubai for touching security guard LevelUP 5 1,047 10-06-2023, 10:25 AM
Last Post: bjcheung77
  StraighterLine acquires Childcare Education Institute bjcheung77 2 1,057 05-16-2023, 11:05 AM
Last Post: glammie83
  Excelsior University & StraighterLine success story! bjcheung77 0 1,006 03-07-2023, 07:24 PM
Last Post: bjcheung77
  Science plus lab alterantives for Study.com/StraighterLine echo64 6 1,391 06-18-2022, 01:27 PM
Last Post: bjcheung77
  StraighterLine - Success Stories bjcheung77 0 1,093 11-08-2021, 10:03 PM
Last Post: bjcheung77
  Straighterline Pharmacology 103 tyson14136 16 4,327 07-09-2021, 10:57 AM
Last Post: eLearner
  Is the Straighterline Biology Lab Kit Reusalble or Consumable? JaronB34 1 1,528 10-25-2020, 07:08 PM
Last Post: Lydclrk
  TEEX - Cyber Security for IT Professionals ?? nomaduser 5 1,448 08-18-2020, 07:00 AM
Last Post: nomaduser
  Cyber security TEEX question EI2HCB 4 1,751 01-14-2020, 10:47 PM
Last Post: Raftingdon2

Forum Jump:


Users browsing this thread: 1 Guest(s)