Includes the release of credit card numbers. What a bunch of useless bastards.
http://www.huntingandfishing.co.nz
Bit of a worry
Thought responsible businesses didn't hold your card details.
Shame, the website clearly had problems, but looked like the start of something reasonable. I think a good website is absolutely key to this kind of business. If I was a business owner, I would make it a very high priority.
I'm not at all surprised by this, it's always been a badly maintained website and it's still using outdated versions of PHP and jQuery.
I can't say I was impressed with their website anyway - amazing considering how big the company is and how much they make each year.
Glad I never use them😆
Also not surprised at all.
I looked at their site, their hosting company etc, when they were having outages, and a lot of alarm bells were ringing.
Luckily we have a H&F just down the road, so I didn't need to use their site to buy anything.
Call me paranoid, but a Qualys SSL scan is always a good place to start if you're in doubt about how seriously a company takes security. This may speak volumes:
Attachment 52365
Sure thing. Give me 5
NZHS - A- rating if the certificate was trusted. You get that with a self-signed cert with no root CA or chain certificates in place. Lucky this is not an e-commerce site!
Attachment 52391
Next up - guncity
Guncity - no, no, no!
Attachment 52392
Reloaders next
Better, but I would be happier seeing an A or A+
Reloaders use Zeald to do their ecommerce side of the website.
Attachment 52393
This is what you want to see ideally.
Attachment 52394
Interesting stuff. Thanks Quentin.
I guess trademe would be of interest to a few as well. Hopefully they are bulletproof.
Ta Quentin. So really if the company's home website is as leaky as a sieve that is not such an issue - although I guess if it is a firearms or related deal you still want maximum personal details security in the home website. It is when you go to the checkout part of the transaction and are transferred to a different website for CC entry etc that you would be expecting impeccable security? Interestingly, 3 years ago I had 2 transactions totaling US10,000 taken out of my CC. Transactions were for 1st class air travel and were carried out in Singapore. ASB covered the whole thing but were also unable to explain to me how my daily limit didn't prevent the transactions occurring. I have always been super super careful with my CC. On occasion I have even sent my CC number in 2 halves when I haven't been 100% happy with a site - 1/2 via fax, the second 1/2 a day later by email. Yes, after the 10G I am even more anal.
Ideally the whole site will use SSL encryption so any traffic from your computer to the website cannot be intercepted and read. This is not a guarantee that data stored there is secure, but chances are higher than a site without it. For cc payments it is common practice to send these to payment gateways, as getting PCI compliance is a nightmare. I was surprised to see the zeald payment gateway score so badly tho. If in doubt, ring the company and read them the cc details to enter directly into their terminal.
And trademe:
Attachment 52395
Anyone can test using this tool if they like: https://www.ssllabs.com/ssltest/
Great tool !
My 2nd fav gunshop, GUNS NZ
Attachment 52397
And I see that the huntingandfishing.co.nz website is back up, and have obviously laid down the law with regards to site security. An A rating which is really good to see.
Attachment 57685
Thought I'd test these guys for laughs after I signed up for an account and they emailed me my username and password in plain text (!!!) (this is a huge huge huge no-no, probably one of the worst things you can do in terms of security for a multitude of reasons). I immediately deleted my account.
Roughly what I expected.
Attachment 57791
yeah, nah.
Other than picking up and paying at the store, I would give them a wide berth. Sites like this should be shut down until they can at least pass a security audit.
That's a bit of a worry, have bought stuff off them in the past.
Luckily they pass off the credit card payments to the secure.zeald gateway, but if they have little regard for security on their main site where you enter all of your other details, I would stay away.