Is this REALLY a secure site?

[Angelfood MacSpade]

I am required to enter my bank information in order to withdraw funds
from an online sportsbook betting site. On that withdraw page (there's
no direct URL), there's the usual statement that the site is 100%
secure and that all information submitted is encrypted through SSL
Encryption. And there's a clickable logo for VeriSign. But that's all
there is - there is no security symbol in the status bar of IE and
clicking there shows the following information "This type of document
does not have a security certificate".

So how do I know if I'm dealing with a secure site or not? I'm still
waiting for a response from the company. Thanks.

 

[Uncle John]

"Angelfood MacSpade"

Is it an https url/ ? For more information check this link

http://support.microsoft.com/kb/833786

 

[David H. Lipman]

What's the URL ?

--
Dave




| I am required to enter my bank information in order to withdraw funds
| from an online sportsbook betting site. On that withdraw page (there's
| no direct URL), there's the usual statement that the site is 100%
| secure and that all information submitted is encrypted through SSL
| Encryption. And there's a clickable logo for VeriSign. But that's all
| there is - there is no security symbol in the status bar of IE and
| clicking there shows the following information "This type of document
| does not have a security certificate".
|
| So how do I know if I'm dealing with a secure site or not? I'm still
| waiting for a response from the company. Thanks.
|

 

[Angelfood MacSpade]

There's no direct URL for the withdraw page. You can get there from
http://www.sportsinteraction.com/sportsbook/index.cfm though. The URL
remains the same - so, no, it does not display "https:" Maybe just a
funky way of coding?

 

[Steve N.]

I am required to enter my bank information in order to withdraw funds
from an online sportsbook betting site. On that withdraw page (there's
no direct URL), there's the usual statement that the site is 100%
secure and that all information submitted is encrypted through SSL
Encryption. And there's a clickable logo for VeriSign. But that's all
there is - there is no security symbol in the status bar of IE and
clicking there shows the following information "This type of document
does not have a security certificate".

So how do I know if I'm dealing with a secure site or not? I'm still
waiting for a response from the company. Thanks.

How can anyone really know if an SSL or HTTPS connection is truly
secure? Because someone said it is? Even if it is theoretically secure
what's to prevent some creep on the other end from swiping your bank
info anyway? It happenned to me a couple of years ago after entering in
account info in a "bona-fide" secure site and the dang bank paid out
$150 we didn't even have in the account without ANY authorization from
us. The bank had no explanation; "it just happens and it happens a lot".

My advice, don't give out ANY account info on-line and don't trust banks
either; they're all crooks as far as I'm concerend.

Steve

 

[TDP]

Hope this info helps I use it if in doubt about a website's security:
To verify genuine websites do this: type this in the address bar while on
the website in question:

javascript:alert("actual URL address:" + "//" + location.hostname + "//");

press enter: the true address of the website will be shown in the dialog box
that appears.
Regards TDP.

 

[David H. Lipman]

I could NOT access the web site.

I did get the following information

SIA
5 Cannon Lane
Gibraltar, 00000
GI

Domain Name: SPORTSINTERACTION.COM

Administrative Contact:
J O'Connor ********@sportsinteraction.com
SIA
292A Main Street
Gibraltar, N/A 00000
GI
Phone: +14506355575
Fax:
Technical Contact:
J O'Connor ********@sportsinteraction.com
SIA
292A Main Street
Gibraltar, N/A 00000
GI
Phone: +14506355575
Fax:
Billing Contact:
J O'Connor ********@sportsinteraction.com
SIA
292A Main Street
Gibraltar, N/A 00000
GI
Phone: +14506355575
Fax:

Record updated on 2004-11-02 05:14:25
Record created on 1997-07-23
Record expires on 2013-12-10
Database last updated on 2005-01-11 13:05:43 EST

Domain servers in listed order:

NS.MOHAWKISP.NET 66.212.224.241
NS2.MOHAWKISP.NET 66.212.224.242

TransferGuard LOCK Status => ENABLED

Registrant: Make this info private
Mohawk Internet Technologies (20602398O)
P.O. Box 1470 33 Route 138
Kahnawake, QC J0L 1B0
CANADA
Phone: 450-638-4007


--
Dave




| There's no direct URL for the withdraw page. You can get there from
| http://www.sportsinteraction.com/sportsbook/index.cfm though. The URL
| remains the same - so, no, it does not display "https:" Maybe just a
| funky way of coding?
|
| On Tue, 11 Jan 2005 10:26:33 -0500, "David H. Lipman"
|
| >What's the URL ?
|

 

[Lem]

AFAIK, the invariable rule is that if the URL doesn't begin with https://,
then the site isn't using SSL. In the case of the website you mention,
however, the "withdraw page" is being displayed as a frame, and thus the
actual url isn't shown in the browser location bar. If you use a browser
that lets you "open frame in new window" (like Netscape) you would see
that the frame really does have a https:// address. Alternatively, right
click in the frame in question and select Properties, which will show you
that the site uses SSL 3.0 with 128 bit encryption.

On the other hand, since you obviously are a betting type of person, why
don't you just consider that the use of your financial info on this site
is itself a bet --i.e., that no one is going to misuse it? Or, if you're
still concerned, open a debit card account and use that. That way your
potential loss is limited by however much you choose to put in the
account.

 

[Steve N.]

AFAIK, the invariable rule is that if the URL doesn't begin with https://,
then the site isn't using SSL. In the case of the website you mention,
however, the "withdraw page" is being displayed as a frame, and thus the
actual url isn't shown in the browser location bar. If you use a browser
that lets you "open frame in new window" (like Netscape) you would see
that the frame really does have a https:// address. Alternatively, right
click in the frame in question and select Properties, which will show you
that the site uses SSL 3.0 with 128 bit encryption.

On the other hand, since you obviously are a betting type of person, why
don't you just consider that the use of your financial info on this site
is itself a bet --i.e., that no one is going to misuse it? Or, if you're
still concerned, open a debit card account and use that. That way your
potential loss is limited by however much you choose to put in the
account.

Don't bet on it. My ex-bank paid out $150 from my checking account I
didn't even have in there, without authorization, too. It not only cost
me money but a day's work trying to get them to fix it.

Steve

 

[Lem]

Checking accounts sometimes have "overdraft protection" features, or a bank may
"as a courtesy" pay a relatively small overdraft amount without bouncing the
check for "insufficient funds." I doubt they would do the same for a debit
account, but as they say, YMMV. If the OP doesn't want to bet that his bank
won't pay out more than he has in his account, he probably doesn't want to bet
that the Steelers will win the Superbowl either.

 

[B Smith]

Are there any spaces in that line, I couldn't get it to work:? The quotes
are not required, correct? Should it appear like this?

javascript:alert actual URL address: + // + location.hostname + //

 

[Steve N.]

Checking accounts sometimes have "overdraft protection" features, or a bank may
"as a courtesy" pay a relatively small overdraft amount without bouncing the
check for "insufficient funds." I doubt they would do the same for a debit
account, but as they say, YMMV. If the OP doesn't want to bet that his bank
won't pay out more than he has in his account, he probably doesn't want to bet
that the Steelers will win the Superbowl either.

I assure you the account I had was a no-frills basic checking account,
had no overdraft protection and the only courtesy they did was to
themsleves in overdrafting my account for over $200 as a direct result
of the unauthorized transaction.

I have learned the hard way not to trust banks or on-line transactions
of any kind.

But as you say, YMMV.

Steve

 

[Leythos]

There's no direct URL for the withdraw page. You can get there from
http://www.sportsinteraction.com/sportsbook/index.cfm though. The URL
remains the same - so, no, it does not display "https:" Maybe just a
funky way of coding?

The url leads to a working website, but, there is nothing to say that
you are going to not get scammed - I guess it's a GAMBLE (notice the
pun) on getting the money. Since I didn't see a SSL connection, and you
understand that SSL only means that the data is not sent in clear text,
it DOES NOT MEAN THE SITE IS LEGIT.

Ask yourself why you started using the site if you don't trust them to
send you your winnings?

 

[Rick Merrill]

Steve N. wrote:
....

How can anyone really know if an SSL or HTTPS connection is truly
secure? Because someone said it is? Even if it is theoretically secure
what's to prevent some creep on the other end from swiping your bank
info anyway?

That is true of creeps behind the gasoline pump too isn't it!? The
human factor is WAY more important than the technology factor. It is
much easier to glom onto credit card rubbings than it is to sniff
out packets of information scattered around the internet

The tip off to bogus sites is nOt https vs http but whether the
site uses a numerical IP address: those are always bogus.

 

[Angelfood MacSpade]

The url leads to a working website, but, there is nothing to say that
you are going to not get scammed - I guess it's a GAMBLE (notice the
pun) on getting the money. Since I didn't see a SSL connection, and you
understand that SSL only means that the data is not sent in clear text,
it DOES NOT MEAN THE SITE IS LEGIT.

Ask yourself why you started using the site if you don't trust them to
send you your winnings?

I have a reasonable amount of trust in the company however if I'm
having to transmit my bank information, I'd like to have a little
confirmation their web page is secure. If they are advertising a
secure page but it is not actually secure - well then I'd have severe
doubts I should be dealing with these guys. BTW, I now see by the
properties of the frame, it is indeed secure.
-

 

[Steve N.]

Steve N. wrote:
...



That is true of creeps behind the gasoline pump too isn't it!?

Yep. I now pay in cash or postal money orders. No checks. No cards. No
fees. No problems.

The
human factor is WAY more important than the technology factor. It is
much easier to glom onto credit card rubbings than it is to sniff
out packets of information scattered around the internet

Hard to find good help I guess. But in the case of online ID theft when
using bona-fide secure sites you'd think that the employers would screen
or hire bondable emplyees in the first place. Not that this would
prevent a screened and bonded employee from stealing, but I'd think it
would help glean out most of the riff-raff.

What I found to be most interesting in the case I suffered was that a
major credit card company wound up making the authorization against my
account and I didn't even have a credit card nor ever had done business
with that firm. Of course the creep on the other end of the wire
probably punched in the right numbers and the company followed standard
procedure. I still ultimately blame the bank, though.

The tip off to bogus sites is nOt https vs http but whether the
site uses a numerical IP address: those are always bogus.

Intersting. We frequently access a state public education testing site
that uses numerical addressing and it is definitely not bogus. Curious,
why would you make that distinction? I mean what do you base this upon?

Thanks,
Steve

 

[Leythos]

If they are advertising a
secure page but it is not actually secure - well then I'd have severe
doubts I should be dealing with these guys.

You need to stop thinking like the above - SSL and not SSL don't mean
anything when it comes to data security, it's not the information
between your computer and their server that you should be concerned
about, it's what they do with the data once they have it.

I remember working on a project at a place that hosted some cheap sites
and also hosted TONS of porn sites (we had to fix a non-porn site for a
client). The database was MSSQL, and it was fully exposed to the
inernet. Each customer was given a SQL logon and password, but the
idiots had made each of the accounts the same level as SA. Any user that
knew enough could get into any other users database - and they had many
databases with credit card info and customer address/billing info in
clear text in tables. After we talked to them about it, it took more
than a month for them to close the 1433/1434 ports to the public!

 

[Uncle John]

Check this guide http://support.microsoft.com/kb/833786

 

[jimwatt]

If you need to know anything about Gibraltar I have answers.
You could try matching that address to

http://www.gibnet.com/data/lplist.htm

Internet gaming here is very carefully regulated by the
Government, and the Electronic Commerce Ordinance
(2000) is a modern bit of legislation.

The .gi nic is keen to preserve a good reputation and
will pull any domains that they suspect are engaged in illegal
or dubious activity.

 

[B Smith]

Or try Las Vegas...as the saying goes "what money comes
to Vegas, stays in Vegas!"