Monday, February 17, 2020

TRANSACTION PORTALS AS INSECURE SITES. WATCH OUT!

It is important, for security professionals and for those with little or no security awareness alike, to always check for insecure sites, i.e. sites without HTTPS, when accessing transaction portals (see figure 1). Many people are oblivious to this. Thanks to security checks built into modern browsers, e.g. Google Chrome and Mozilla Firefox, insecure sites that users attempt to visit on the internet are detected. For sites that are not secure, the browser displays a warning in the address (URL) bar, such as "Not secure or dangerous", "Info Not secure", "Not secure", etc., to discourage users from going through with such sites.

As a user on the internet, do not enter sensitive details on sites without HTTPS (signalled by the padlock icon), because they could be stolen by attackers. In fact, hackers use this as a ploy to steal or sniff sensitive data such as passwords, credit card details, secret answers, etc., especially if they are unencrypted. You may be unmindful of this when performing transactions such as logging into a transaction web portal, applying for a job online, financial transactions, instant messaging, etc.

Many organisations are guilty of having insecure intranet sites and portals where internal users log in to do transactions. It is common to see such sites, and the organisations put up a trivial defence that these are intranet sites not exposed to the internet, forgetting that most breaches come from the inside. Organisations and their app developers should ensure that not just their third-party connections or extranet sites are secure, but also their internally accessed sites. There should be enough security awareness on this among internal staff and users, which is not far from the purpose of this post. Users, please always watch out for these insecure sites so that you are not left vulnerable, as they have proven to be sources of major breaches in organisations.
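For organisations reviewing their own intranet and extranet portals, the check described above can be automated. The following Python code is an added example, not part of the original post: it flags pages where a password or card field is served over HTTP, or posted from an HTTPS page to an HTTP endpoint. The hostnames and HTML samples are constructed, and the set of fields treated as sensitive is an assumption.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumption: which inputs count as sensitive; extend for your own portals.
SENSITIVE_TYPES = {"password"}
SENSITIVE_AUTOCOMPLETE = {"cc-number", "cc-csc", "current-password", "new-password"}

class FormScanner(HTMLParser):
    """Collects each <form> action and whether the form holds a sensitive input."""
    def __init__(self):
        super().__init__()
        self.forms = []      # entries are [action, has_sensitive_field]
        self._open = None    # the form currently being parsed, if any

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "form":
            self._open = [a.get("action", ""), False]
            self.forms.append(self._open)
        elif tag == "input" and self._open is not None:
            if (a.get("type", "").lower() in SENSITIVE_TYPES
                    or a.get("autocomplete", "").lower() in SENSITIVE_AUTOCOMPLETE):
                self._open[1] = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._open = None

def audit_page(page_url, html):
    """Return (url, reason) findings for sensitive forms that touch plain HTTP."""
    scanner = FormScanner()
    scanner.feed(html)
    findings = []
    for action, sensitive in scanner.forms:
        if not sensitive:
            continue
        target = urljoin(page_url, action)  # empty action resolves to the page itself
        if urlparse(page_url).scheme == "http":
            findings.append((page_url, "sensitive form served over HTTP"))
        elif urlparse(target).scheme == "http":
            findings.append((page_url, "HTTPS page submits to HTTP: " + target))
    return findings

# Constructed sample inventory of (URL, HTML body) pairs; not real sites.
SAMPLES = [
    ("http://portal.intranet.example/login", '<form action="/auth"><input type="text" name="u"><input type="password" name="p"></form>'),
    ("https://pay.example/checkout", '<form action="http://pay.example/charge"><input autocomplete="cc-number" name="card"></form>'),
    ("https://hr.example/apply", '<form action="/submit"><input type="password" name="p"></form>'),
    ("http://wiki.intranet.example/", '<form action="/search"><input type="text" name="q"></form>'),
]
```

Calling `audit_page(url, html)` on each entry of `SAMPLES` reports the first two pages and passes the last two: the HTTPS form is clean, and the HTTP search form carries no sensitive field.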
I leave you with the words of Sun Tzu - "If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle."