Slashdot stories can be listened to in audio form via an RSS feed, as read by our own robotic overlord.

 



Forgot your password?
typodupeerror

+ - 21 Financial Sites Found to Store Sensitive Data in Browser Disk Cache->

Submitted by Anonymous Coward
An anonymous reader writes "The LA Times mentions that after visiting well known sites such as ADP, Verizon Wireless, Scottrade, Geico, Equifax, PayPal and Allstate, sensitive data remains in the browser disk cache despite those sites using SSL. This included full credit reports, prescription history, payroll statements, partial SSNs, credit card statements, and canceled checks. Web servers are supposed to send a Cache-Control: no-store header to prevent this, but many of the sites are sending non-standard headers recognized only by Internet Explorer, and others are sending no cache headers at all. While browsers were once cautious about writing content received over SSL to the disk cache, today, most do so by default unless the server specifies otherwise."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

21 Financial Sites Found to Store Sensitive Data in Browser Disk Cache

Comments Filter:

Loan-department manager: "There isn't any fine print. At these interest rates, we don't need it."

Working...