Thread: Hunting and fishing web site hacked

Interesting stuff. Thanks Quentin.

I guess trademe would be of interest to a few as well. Hopefully they are bullet proof

Ta Quentin. So really if the company's home website is as leaky as a sieve that is not such an issue - although I guess if it is a firearms or related deal you still want maximum personal details security in the home website. It is when you go to the checkout part of the transaction and are transferred to a different website for CC entry etc that you would be expecting impeccable security? Interestingly, 3 years ago I had 2 transaction totaling US10,000 taken out of my CC. Transactions were for 1st class air travel and were carried out in Singapore. ASB covered the whole thing but were also unable to explain to me how my daily limit didn't prevent the transactions occurring. I have always been super super careful with my CC. On occasion I have even sent my CC number in 2 halves when I havn't been 100% happy with a site - 1/2 via fax, the second 1/2 a day later by email. Yes, after the 10G I am even more anal.

Ideally the whole site will use SSL encryption so any traffic from your computer to the website cannot be intercepted and read. This is not a guarantee that data stored there is secure, but chances are higher that a site without it. For cc payments it is common practice to send these to payment gateways, as getting PCI compliance is a nightmare. I was surprised to see the zeald payment gateway score so badly tho. If in doubt, ring the company and read them the cc details to enter directly into their terminal.

And trademe:



Anyone can test using this tool if they like: https://www.ssllabs.com/ssltest/

Great tool !

My 2nd fav gunshop, GUNS NZ

And I see that the huntingandfishing.co.nz website is back up, and have obviously laid down the law with regards to site security. An A rating which is really good to see.

Thought I'd test these guys for laughs after I signed up for an account and they emailed me my username and password in plain text (!!!) (this is a huge huge huge no-no, probably one of the worst things you can do in terms of security for a multitude of reasons). I immediately deleted my account.
Roughly what I expected.

yeah, nah.

Other than picking up and paying at the store, I would give them a wide berth. Sites like this should be shut down until they can at least pass a security audit.

That's a bit of a worry, have brought stuff off them in the past

Luckily they pass off the credit card payments to the secure.zeald gateway, but if they have little regard for security on their main site where you enter all of your other details, I would stay away.