
The number of sites that have flaws like you mentioned (encrypted data and clear text passwords) is worrying.

Is there not an independent third party that can audit sites for this kind of incompetence and rank or award compliant sites so consumers can factor this in when choosing services?




There's this site which acts as a 'wall of shame' for blatant violations of storing passwords in plaintext - http://plaintextoffenders.com/

Not sure if it's actually effective at getting things done but certainly is a nice reminder for the consumer to be careful.


Yes, PCI QSAs. All they can do, and all the ICO can do, is fine you. A typical fine might be £10k-£100k. For these large businesses, they see it as being more cost effective to be cavalier about security and pay off the authorities. See Amazon's credit card handling, for instance.

Like most things in life, it's a two tier system.



