Search

Mobile tag

About Me

I am the "IBM Collaboration & Productivity Advisor" for IBM Asia Pacific. I'm based in Singapore.
Reach out to me via:
Follow notessensei on Twitter
(posts)
Skype
Sametime
IBM
Facebook
LinkedIn
XING
Amazon Store
Amazon Kindle

Twitter

Domino Upgrade

VersionSupport end
5.0
6.0
6.5
7.0
8.0
8.5
Upgrade to 9.x now!
(see the full Lotus lifcyle) To make your upgrade a success use the Upgrade Cheat Sheet.
Contemplating to replace Notes? You have to read this! (also available on Slideshare)

Languages

Other languages on request.

Visitors

Useful Tools

Get Firefox
Use OpenDNS
The support for Windows XP has come to an end . Time to consider an alternative to move on.
StopTheSecrecy

« Lotus Sympony beyond 3.0 | Main| Access Control in Domino - The Basics »

VPost needs more attention to security details

I'm using vPost, a service by Singapore's postal service to ship stuff I oder online. vPost provides me with an US, European and Japanese shipping address, so I can take advantage of free "local" shipping or get stuff from vendors that don't ship overseas. After a few teething problems the service works reasonable well, I can recommend it in general. You have to compare shipping rates from the vendor since vPost might not always be the cheapest option. However vPost needs to pay more attention to security. They have the basics right and use https on all their site, so that's OK. They also leverage on "Verified by Visa" that uses one-time tokens via SMS to secure transactions. The improvements needed are after you enter your credit card details and hit next:
vPost securit challenges
  1. The credit card number is displayed in full (other sites only show a few digits). So someone peeking over the shoulder can note it (same applies to the expiry date)
  2. The security code is displayed. It shouldn't be shown AT ALL.
  3. Being security concious (and not liking tracking cookies) I don't allow cookies from other websites. VPost requires me to lower my security standards. I'm sure that could be avoided
Some work to be done.

Disclaimer

This site is in no way affiliated, endorsed, sanctioned, supported, nor enlightened by Lotus Software nor IBM Corporation. I may be an employee, but the opinions, theories, facts, etc. presented here are my own and are in now way given in any official capacity. In short, these are my words and this is my site, not IBM's - and don't even begin to think otherwise. (Disclaimer shamelessly plugged from Rocky Oliver)
© 2003 - 2014 Stephan H. Wissel - some rights reserved as listed here: Creative Commons License
Unless otherwise labeled by its originating author, the content found on this site is made available under the terms of an Attribution/NonCommercial/ShareAlike Creative Commons License, with the exception that no rights are granted -- since they are not mine to grant -- in any logo, graphic design, trademarks or trade names of any type. Code samples and code downloads on this site are, unless otherwise labeled, made available under an Apache 2.0 license. Other license models are available on written request and written confirmation.