Quantcast

Book a bed and breakfast, catch a computer virus - INN the news 04.14.09

INNspiring.com | Innkeeper Forum & Innkeeping Resources

Help Support INNspiring.com | Innkeeper Forum & Innkeeping Resources:

swirt

Forum founder. Former Owner.
Joined
May 17, 2008
Messages
3,210
Reaction score
0
article said:
"The bad guys are going out to legitimate websites and compromising them," said Weafer.
The goal of the viruses is to steal, with the spread of broadband overseas making it easier for lawless areas to inadvertently play host to hackers.
"In 2008, 78 percent of confidential information threats exported user data and 76 percent used a keystroke-logging component to steal information such as online banking account credentials," the report said.
This is why innkeepers are crazy to allow a custom form that asks for credit card info to be a part of their website even if on https. They just can't keep up with server security in a way to assure that form is secure. I have seen so many of these that were set up years ago that have never been updated or improved.
Leave these kind of forms to a third party (webervations, rezovation, superinn, rez nexxus ....) let them handle the daily security threats and associated patches and updates.
 

Penelope

Well-known member
Joined
Aug 4, 2008
Messages
1,716
Reaction score
0
article said:
"The bad guys are going out to legitimate websites and compromising them," said Weafer.
The goal of the viruses is to steal, with the spread of broadband overseas making it easier for lawless areas to inadvertently play host to hackers.
"In 2008, 78 percent of confidential information threats exported user data and 76 percent used a keystroke-logging component to steal information such as online banking account credentials," the report said.
This is why innkeepers are crazy to allow a custom form that asks for credit card info to be a part of their website even if on https. They just can't keep up with server security in a way to assure that form is secure. I have seen so many of these that were set up years ago that have never been updated or improved.
Leave these kind of forms to a third party (webervations, rezovation, superinn, rez nexxus ....) let them handle the daily security threats and associated patches and updates..
swirt said:
Leave these kind of forms to a third party (webervations, rezovation, superinn, rez nexxus ....) let them handle the daily security threats and associated patches and updates.
Who is responsible if, unfortunately, there was a breach in Webervations, Rezo...?
 

swirt

Forum founder. Former Owner.
Joined
May 17, 2008
Messages
3,210
Reaction score
0
article said:
"The bad guys are going out to legitimate websites and compromising them," said Weafer.
The goal of the viruses is to steal, with the spread of broadband overseas making it easier for lawless areas to inadvertently play host to hackers.
"In 2008, 78 percent of confidential information threats exported user data and 76 percent used a keystroke-logging component to steal information such as online banking account credentials," the report said.
This is why innkeepers are crazy to allow a custom form that asks for credit card info to be a part of their website even if on https. They just can't keep up with server security in a way to assure that form is secure. I have seen so many of these that were set up years ago that have never been updated or improved.
Leave these kind of forms to a third party (webervations, rezovation, superinn, rez nexxus ....) let them handle the daily security threats and associated patches and updates..
swirt said:
Leave these kind of forms to a third party (webervations, rezovation, superinn, rez nexxus ....) let them handle the daily security threats and associated patches and updates.
Who is responsible if, unfortunately, there was a breach in Webervations, Rezo...?
.
penelope said:
Who is responsible if, unfortunately, there was a breach in Webervations, Rezo...?
If the breach was on their side ...as in someone didn't use your username and password to get the data...then they (the company) would/should be responsible.
 

egoodell

Well-known member
Joined
Jun 1, 2008
Messages
3,023
Reaction score
0
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
We were not real happy to see this article either. They could have made this article about any small industry/merchant - not sure why they decided on B&B's. This does bring up a very good issue though. In the next year security is going to get tighter and tighter, and the smoke is going to be cleared. The truth is that what we all think is secure may not be. We are putting together a comparison chart hopefully to release soon.
For instance - banks will soon ONLY allow credit card information to be used on Level 1 PCI sites - that means a full external security audit. We already were informed by People's Bank that they are going to start enforcing this. What does this mean? Well for starters - there are no level 1 PCI compliant products in the market that we know of - not us, not Superinn, Resnexus, Availability Online, no one. Not us, nor anyone else. Up until now, everyone has been Level 2 compliant, if that. The only product we know to have undergone an external audit is RezOvation GT - and that just recently passed.
Confused? You are not alone... the big difference is that Level 2 companies do a self-audit... you can imagine how reliable that is - and it can be private so you would never know what it says anyways! So there really is no way to know if a company is compliant or not unless they go through an external audit. I'll be the first to admit that Webervations is not - we haven't been big enough to need a Level 1 audit in the past - but we are sure going to pay for one this year. Other widely-used companies may say they are compliant, but many are not and the innkeeper can be held liable for using them. I don't want to pick on anyone here, but this is public information... I'm happy to email out names but I won't post them here.
For instance - one company posts its own self-audit online - and the audit shows they failed in a number of areas. So anyone using this system knows they are using a non-pci compliant product, that hasn't even passed a self-audit. That is very problematic. Not to mention alerts hackers to their security breaches. Another stores full credit card and CVV data - expressly against the rules making them completely non-compliant. Yet another doesn't encrypt anything at all - making them non-compliant.
A lot of companies think the quarterly hacker-seal is enough to be compliant - but it is far from it - and if you are innkeeper using a system that you know stores things like CVV or you know failed a PCI audit - then the liability extends to you as well. The unfortunate part is that PCI insurance is null and void if you are using non-compliant software, and at a minimum, you are going to have to pay at least for the audit since your 3rd party is not the one with the merchant credit card account.
 

EmptyNest

Well-known member
Joined
May 22, 2008
Messages
8,741
Reaction score
1
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki.
Well according to what John has said...NO ONE is SECURE

So guess there is trouble ahead brewing for innkeepers
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
It is kind of a catch-22 for us providers though. Many of us are trying to be Level 2 compliant - which is all we needed to do, and still is all that is technically required. However - if you are an issuing bank - you can choose to issue based on whatever rules you want. Visa now will not even list Level 2 providers, and their list is the one that acquiring banks use to verify if software or websites are okay... So if I was a bank - I wouldn't want to issue cards to folks using providers that have only done a self-assesment and are not listed on the Visa site... Like People's is doing.
The problem lies within Level 2 being a self-assesment and inherintly being reliable. Just like I don't want my doctor to have taken a self-exam to graduate medical school, local restuarants don't do a self-assesment for their health department score, and you don't self-asses yourself into a AAA 4-Diamond rating - self assesments just leave a lot of room open to problems. My biggest concern as an innkeeper would be sifting through all the misinformation provided out there to make sure I don't get blindsided.
 

egoodell

Well-known member
Joined
Jun 1, 2008
Messages
3,023
Reaction score
0
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki.
Well according to what John has said...NO ONE is SECURE

So guess there is trouble ahead brewing for innkeepers
.
But that is my point. Here at UVA my social security number was compromised twice by some employee taking his work laptop out of the office and leaving it in a car and it was stolen. He THOUGHT the ss numbers had been removed.
And they had the nerve to tell us not to worry as the theives did not know what they had - while the story was splashed all over the news.
And they have been hacked here. So NO site is 100%.
Riki
 

JBanczak

Well-known member
Joined
Jun 25, 2008
Messages
479
Reaction score
0
Very good point - that is why an external audit really is the only way to go because an auditor checks all of that. There are a few things short of that you can do to make sure you are not missing the obvious that really are the big ones... like...
* if you see that you can view CVV numbers for past reservations online - your provider is not compliant at all - this is against the rules even for encrypted storage
* if you can pull lists of credit card numbers where you can view all digits - good indication that they are not encrypted and not compliant
* if you can open the database on your computer (like Access of SQL) and see the credit card numbers - you are not encrypted and not compliant
* if your provider emails the credit card numbers out, you are not compliant
* if you can view an assesment and your provider failed - not compliant!!!!
There are a lot of others, but these can be some of the bigger/more obvious ones.
 

swirt

Forum founder. Former Owner.
Joined
May 17, 2008
Messages
3,210
Reaction score
0
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki.
egoodell said:
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki
But that's just it..WE (as in the savvy group of innkeepers here) use secure things like an established product, but there are a lot out there who use other means, because their web person said "sure I can build that".
Using the secrue reservation systems mean credit card data is safe (or at least out of our responsibility) but the article was largely about viruses too...and as Copperhead recently shared, most of our websites have some vulnerability to being hijacked. Her site was connecting her visitors to a malware site.
Most people use too short a username and password for the methods they use to update their websites. If your password is less than 10 characters and doesn't contain a few numbers some caps and a punctuation...then it is pretty likely your site is at risk.
I get handed a lot of account info in arranging to move or alter a site and 19 times out of 20 the usernames and passwords are LOW security (a single word) which makes them easy to get hijacked.
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
 

gillumhouse

Moderator
Staff member
Moderator
Supporting Member
Joined
May 22, 2008
Messages
15,518
Reaction score
80
This is exactly why I do not take cc numbers online - period! They webervation a request - taking the room out of inventory - but I take the cc number over the phone. I just do not trust any of them, if they can hack into the Pentagon...... I hate it when I have t give MY cc number online for a purchase - but I need it delivered so I give it.
 

JunieBJones (JBJ)

Well-known member
Joined
May 22, 2008
Messages
3,893
Reaction score
0
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki.
egoodell said:
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki
But that's just it..WE (as in the savvy group of innkeepers here) use secure things like an established product, but there are a lot out there who use other means, because their web person said "sure I can build that".
Using the secrue reservation systems mean credit card data is safe (or at least out of our responsibility) but the article was largely about viruses too...and as Copperhead recently shared, most of our websites have some vulnerability to being hijacked. Her site was connecting her visitors to a malware site.
Most people use too short a username and password for the methods they use to update their websites. If your password is less than 10 characters and doesn't contain a few numbers some caps and a punctuation...then it is pretty likely your site is at risk.
I get handed a lot of account info in arranging to move or alter a site and 19 times out of 20 the usernames and passwords are LOW security (a single word) which makes them easy to get hijacked.
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
.
swirt said:
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
The TITLE of the article was faulty. Stating book a B&B and get a virus!! If they used a little more tact in the title I would be fine with it. THanks to Riki I sent a comment and mentioned that many innkeepers used approved secure online reservation systems and that if you come across any homemade "FORM" online to input your personal details run away as fast as you can!
 

JunieBJones (JBJ)

Well-known member
Joined
May 22, 2008
Messages
3,893
Reaction score
0
This is exactly why I do not take cc numbers online - period! They webervation a request - taking the room out of inventory - but I take the cc number over the phone. I just do not trust any of them, if they can hack into the Pentagon...... I hate it when I have t give MY cc number online for a purchase - but I need it delivered so I give it..
gillumhouse said:
This is exactly why I do not take cc numbers online - period! They webervation a request - taking the room out of inventory - but I take the cc number over the phone. I just do not trust any of them, if they can hack into the Pentagon...... I hate it when I have t give MY cc number online for a purchase - but I need it delivered so I give it.
cordless phones, cell phones, those aren't all that secure either! :)
 

egoodell

Well-known member
Joined
Jun 1, 2008
Messages
3,023
Reaction score
0
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki.
egoodell said:
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki
But that's just it..WE (as in the savvy group of innkeepers here) use secure things like an established product, but there are a lot out there who use other means, because their web person said "sure I can build that".
Using the secrue reservation systems mean credit card data is safe (or at least out of our responsibility) but the article was largely about viruses too...and as Copperhead recently shared, most of our websites have some vulnerability to being hijacked. Her site was connecting her visitors to a malware site.
Most people use too short a username and password for the methods they use to update their websites. If your password is less than 10 characters and doesn't contain a few numbers some caps and a punctuation...then it is pretty likely your site is at risk.
I get handed a lot of account info in arranging to move or alter a site and 19 times out of 20 the usernames and passwords are LOW security (a single word) which makes them easy to get hijacked.
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
.
swirt said:
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
The TITLE of the article was faulty. Stating book a B&B and get a virus!! If they used a little more tact in the title I would be fine with it. THanks to Riki I sent a comment and mentioned that many innkeepers used approved secure online reservation systems and that if you come across any homemade "FORM" online to input your personal details run away as fast as you can!
.
JunieBJones (JBJ) said:
swirt said:
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
The TITLE of the article was faulty. Stating book a B&B and get a virus!! If they used a little more tact in the title I would be fine with it. THanks to Riki I sent a comment and mentioned that many innkeepers used approved secure online reservation systems and that if you come across any homemade "FORM" online to input your personal details run away as fast as you can!
Good - that makes at least 4 innkeepers that I know of, who have sent complaints! I don't care if there is a danger out there, she targeted B&Bs without even checking how we book online or she'd know we use the same type of "secure server" that the big guys do, so did not conduct proper fact checking.
I have a problem with a blanket statement in the header like that.
I would hope that BedandBreakfast.com will at least contact them or something.
RIki
 

muirford

Administrator
Staff member
Administrator
Moderator
Joined
May 22, 2008
Messages
2,489
Reaction score
6
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki.
egoodell said:
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki
But that's just it..WE (as in the savvy group of innkeepers here) use secure things like an established product, but there are a lot out there who use other means, because their web person said "sure I can build that".
Using the secrue reservation systems mean credit card data is safe (or at least out of our responsibility) but the article was largely about viruses too...and as Copperhead recently shared, most of our websites have some vulnerability to being hijacked. Her site was connecting her visitors to a malware site.
Most people use too short a username and password for the methods they use to update their websites. If your password is less than 10 characters and doesn't contain a few numbers some caps and a punctuation...then it is pretty likely your site is at risk.
I get handed a lot of account info in arranging to move or alter a site and 19 times out of 20 the usernames and passwords are LOW security (a single word) which makes them easy to get hijacked.
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
.
swirt said:
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
The TITLE of the article was faulty. Stating book a B&B and get a virus!! If they used a little more tact in the title I would be fine with it. THanks to Riki I sent a comment and mentioned that many innkeepers used approved secure online reservation systems and that if you come across any homemade "FORM" online to input your personal details run away as fast as you can!
.
JunieBJones (JBJ) said:
swirt said:
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
The TITLE of the article was faulty. Stating book a B&B and get a virus!! If they used a little more tact in the title I would be fine with it. THanks to Riki I sent a comment and mentioned that many innkeepers used approved secure online reservation systems and that if you come across any homemade "FORM" online to input your personal details run away as fast as you can!
Good - that makes at least 4 innkeepers that I know of, who have sent complaints! I don't care if there is a danger out there, she targeted B&Bs without even checking how we book online or she'd know we use the same type of "secure server" that the big guys do, so did not conduct proper fact checking.
I have a problem with a blanket statement in the header like that.
I would hope that BedandBreakfast.com will at least contact them or something.
RIki
.
I tweeted bandb.com about the article and they responded to me, anyway. You're just as likely to have someone swipe your info when you hand your credit card to a front desk clerk at a hotel. I'm always amazed when people won't use a secure website but will give the number on unsecure cell phones. Of course, a lot of people don't have land lines these days.
 

egoodell

Well-known member
Joined
Jun 1, 2008
Messages
3,023
Reaction score
0
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki.
egoodell said:
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki
But that's just it..WE (as in the savvy group of innkeepers here) use secure things like an established product, but there are a lot out there who use other means, because their web person said "sure I can build that".
Using the secrue reservation systems mean credit card data is safe (or at least out of our responsibility) but the article was largely about viruses too...and as Copperhead recently shared, most of our websites have some vulnerability to being hijacked. Her site was connecting her visitors to a malware site.
Most people use too short a username and password for the methods they use to update their websites. If your password is less than 10 characters and doesn't contain a few numbers some caps and a punctuation...then it is pretty likely your site is at risk.
I get handed a lot of account info in arranging to move or alter a site and 19 times out of 20 the usernames and passwords are LOW security (a single word) which makes them easy to get hijacked.
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
.
swirt said:
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
The TITLE of the article was faulty. Stating book a B&B and get a virus!! If they used a little more tact in the title I would be fine with it. THanks to Riki I sent a comment and mentioned that many innkeepers used approved secure online reservation systems and that if you come across any homemade "FORM" online to input your personal details run away as fast as you can!
.
JunieBJones (JBJ) said:
swirt said:
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
The TITLE of the article was faulty. Stating book a B&B and get a virus!! If they used a little more tact in the title I would be fine with it. THanks to Riki I sent a comment and mentioned that many innkeepers used approved secure online reservation systems and that if you come across any homemade "FORM" online to input your personal details run away as fast as you can!
Good - that makes at least 4 innkeepers that I know of, who have sent complaints! I don't care if there is a danger out there, she targeted B&Bs without even checking how we book online or she'd know we use the same type of "secure server" that the big guys do, so did not conduct proper fact checking.
I have a problem with a blanket statement in the header like that.
I would hope that BedandBreakfast.com will at least contact them or something.
RIki
.
I tweeted bandb.com about the article and they responded to me, anyway. You're just as likely to have someone swipe your info when you hand your credit card to a front desk clerk at a hotel. I'm always amazed when people won't use a secure website but will give the number on unsecure cell phones. Of course, a lot of people don't have land lines these days.
.
muirford said:
I tweeted bandb.com about the article and they responded to me, anyway. You're just as likely to have someone swipe your info when you hand your credit card to a front desk clerk at a hotel. I'm always amazed when people won't use a secure website but will give the number on unsecure cell phones. Of course, a lot of people don't have land lines these days.
About 15 years ago I was living on Hilton Head and had to go to Atlanta for surgery. I stayed at a Marriott. Later that year I received a bill from my cc card for a airline ticket first class from NYC to LA round trip. The signature was a man's name.
When I asked why the charge went through, I was told "because the account was good".
I had to fill out an avadavit to get the charge removed.
That was the only place I had used the card for some time so I'm sure it was swiped at the hotel
Riki
 

muirford

Administrator
Staff member
Administrator
Moderator
Joined
May 22, 2008
Messages
2,489
Reaction score
6
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki.
egoodell said:
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki
But that's just it..WE (as in the savvy group of innkeepers here) use secure things like an established product, but there are a lot out there who use other means, because their web person said "sure I can build that".
Using the secrue reservation systems mean credit card data is safe (or at least out of our responsibility) but the article was largely about viruses too...and as Copperhead recently shared, most of our websites have some vulnerability to being hijacked. Her site was connecting her visitors to a malware site.
Most people use too short a username and password for the methods they use to update their websites. If your password is less than 10 characters and doesn't contain a few numbers some caps and a punctuation...then it is pretty likely your site is at risk.
I get handed a lot of account info in arranging to move or alter a site and 19 times out of 20 the usernames and passwords are LOW security (a single word) which makes them easy to get hijacked.
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
.
swirt said:
But that's just it..WE (as in the savvy group of innkeepers here) use secure things like an established product, but there are a lot out there who use other means, because their web person said "sure I can build that".
Do you really think that happens a lot? I don't know any innkeeper who has a home-built reservation system that collects credit card info. Some are not savvy enough that they get credit card info via reservation forms or emails, but I don't think I've ever seen a booking engine that wasn't one of the big ones. Now, getting viruses on our websites is a whole different story.
 

gillumhouse

Moderator
Staff member
Moderator
Supporting Member
Joined
May 22, 2008
Messages
15,518
Reaction score
80
Thank you, Riki for the link. I also responded. I took them to task for the headline BUT I also expressed disgust that such a statement would be made by Symantec, the very company many rely on to PROTECT their computer systems - NORTON! (Makes me glad I switched to AVG.) I stated that if Symantec was doing the job we pay them to do, we would not have to worry.
 

Copperhead

Well-known member
Joined
Jun 24, 2008
Messages
5,969
Reaction score
0
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki.
egoodell said:
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki
But that's just it..WE (as in the savvy group of innkeepers here) use secure things like an established product, but there are a lot out there who use other means, because their web person said "sure I can build that".
Using the secrue reservation systems mean credit card data is safe (or at least out of our responsibility) but the article was largely about viruses too...and as Copperhead recently shared, most of our websites have some vulnerability to being hijacked. Her site was connecting her visitors to a malware site.
Most people use too short a username and password for the methods they use to update their websites. If your password is less than 10 characters and doesn't contain a few numbers some caps and a punctuation...then it is pretty likely your site is at risk.
I get handed a lot of account info in arranging to move or alter a site and 19 times out of 20 the usernames and passwords are LOW security (a single word) which makes them easy to get hijacked.
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
.
swirt said:
egoodell said:
Some from another chat board are sending complaints to Reuters about this careless kind of reporting. It looks like the reporter has no clue that we all use secure systems and just assumed we are all mom-and-pop companies.
I sent a complaint and if anyone else wants to this is the link
http://reuters- en.custhelp. com/cgi-bin/ reuters_en. cfg/php/enduser/ ask.php
It would be nice if someone really computer savvy like Swirt has the time to point out that we all use secure servers like SuperInns and Webervations.
RIki
But that's just it..WE (as in the savvy group of innkeepers here) use secure things like an established product, but there are a lot out there who use other means, because their web person said "sure I can build that".
Using the secrue reservation systems mean credit card data is safe (or at least out of our responsibility) but the article was largely about viruses too...and as Copperhead recently shared, most of our websites have some vulnerability to being hijacked. Her site was connecting her visitors to a malware site.
Most people use too short a username and password for the methods they use to update their websites. If your password is less than 10 characters and doesn't contain a few numbers some caps and a punctuation...then it is pretty likely your site is at risk.
I get handed a lot of account info in arranging to move or alter a site and 19 times out of 20 the usernames and passwords are LOW security (a single word) which makes them easy to get hijacked.
The article wasn't faulty...just unfortunate that the business they chose to represent "mom & pop" happens to be ours :(
Swit brings up a very good point and yes our website was tampered with. Luckily we monitor our site very closely and the issue was quickly found, not easily rid of though as it bounced from page to page for a couple of days prior to getting it totally removed. It is unfortunate that these evil people have now found small business websites to target with their evil doings. Luckily we use Webervations so our guest information was never compromised as we took our res. system offline as well while dealing with the issue - just as an extra safety precaution.
I do hold issue with the title of the article as it apears to target only our small industry. This problem is wide spread and it is important that all web users are knowlegable when placing their CC info on the internet, by the article it appears that only the B&B industry has issues. I plan to make my complaint on the subject as well.
 

Latest posts

Top