Forgot your password?
typodupeerror

+ - 21 Financial Sites Found to Store Sensitive Data in Browser Disk Cache->

Submitted by Anonymous Coward
An anonymous reader writes "The LA Times mentions that after visiting well known sites such as ADP, Verizon Wireless, Scottrade, Geico, Equifax, PayPal and Allstate, sensitive data remains in the browser disk cache despite those sites using SSL. This included full credit reports, prescription history, payroll statements, partial SSNs, credit card statements, and canceled checks. Web servers are supposed to send a Cache-Control: no-store header to prevent this, but many of the sites are sending non-standard headers recognized only by Internet Explorer, and others are sending no cache headers at all. While browsers were once cautious about writing content received over SSL to the disk cache, today, most do so by default unless the server specifies otherwise."
Link to Original Source
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

21 Financial Sites Found to Store Sensitive Data in Browser Disk Cache

Comments Filter:

Vitamin C deficiency is apauling.

Working...