Disturbing security requirements you should never accept

Every once in a while, a web site will try to convince you to change your security settings. I was looking for blinds the other day and I found a web site that had a great deal. When I tried to customize the blinds, I was presented with this web page informing me that I needed to modify my cookie settings for first and third-party cookies in order for the site to work. I tried the site in a few browsers and this page came up each time I tried to modify my selection. This should be a red flag to leave the site immediately. It doesn’t really matter what the reason is, possibly outdated code or incorrect security settings. Either way, changing your security settings can make your machine vulnerable to attack. I’ll leave the name of the company out but here is a screenshot of the page. I sent the company an email about this four days ago but I have not received a response.

[Screenshot: BlindSecurity]

Here is a copy of the email I sent them.

I have to tell you that I am extremely displeased with your web site. I wanted to get a quote for blinds from you but I was presented with a page that requested I modify my browser security settings. I tried it on Firefox and IE on my PC and neither worked so I tried it on Firefox and Safari on my Mac and it still did not work with my settings. There is a reason why computers block the content you have on your site and that is because it is a security risk. For you to force people to modify their security settings to use your site makes all your customers unsafe and I think it is very reprehensible. It opens them up to an attack or loss of privacy from future sites they may visit even if your own site has no malicious intent. I would strongly encourage you to update your site so that it does not require this feature. You are doing a disservice to your customers.

Sincerely,
Eric Vanderburg

Don’t let a site intimidate you into changing your browser security settings just to use the site. It may look like a good deal but there could be some “hidden fees” such as personal information harvesting. Just go to another site instead.

Companies, protect company data and your employees by enforcing browser security controls through group policies. This way users will not be able to modify their browser security even if a web site tries to convince them to make a change.
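One way to check that a centrally enforced cookie policy is actually in force, as an added example that is not from the original post. It assumes the managed browser is Firefox and that the policy is deployed as a policies.json file using Firefox's Cookies policy (Behavior and Locked); the function name and the sample documents are constructed for illustration.

```python
import json

# Cookies.Behavior values in Firefox enterprise policy that restrict third-party cookies.
RESTRICTIVE = {"reject-foreign", "reject", "limit-foreign",
               "reject-tracker", "reject-tracker-and-partition-foreign"}

def audit_cookie_policy(policies_json):
    """Return a list of findings; an empty list means the cookie
    setting is both restrictive and locked against user changes."""
    try:
        doc = json.loads(policies_json)
    except json.JSONDecodeError as exc:
        return [f"policies.json is not valid JSON: {exc.msg}"]
    policies = doc.get("policies") if isinstance(doc, dict) else None
    cookies = policies.get("Cookies") if isinstance(policies, dict) else None
    if not isinstance(cookies, dict):
        return ["no Cookies policy: users control cookie settings"]
    findings = []
    behavior = cookies.get("Behavior")
    if behavior not in RESTRICTIVE:
        findings.append(f"Behavior={behavior!r} does not restrict third-party cookies")
    if cookies.get("Locked") is not True:
        # Without Locked, a user can still relax the setting when a site asks them to.
        findings.append("Locked is not true: users can change the setting")
    return findings

# Constructed sample policy documents (not taken from any real deployment).
LOCKED = ('{"policies": {"Cookies": {"Behavior": '
          '"reject-tracker-and-partition-foreign", "Locked": true}}}')
UNLOCKED = '{"policies": {"Cookies": {"Behavior": "reject-foreign"}}}'
PERMISSIVE = '{"policies": {"Cookies": {"Behavior": "accept", "Locked": true}}}'

if __name__ == "__main__":
    for name, sample in [("locked", LOCKED), ("unlocked", UNLOCKED),
                         ("permissive", PERMISSIVE), ("empty", "{}")]:
        print(name, audit_cookie_policy(sample) or "OK")
```

The unlocked sample is the case the post warns about: the default is restrictive, but a user who is told to change it by a web site still can.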

6 thoughts on “Disturbing security requirements you should never accept”

    • This is a question you should ask your attorney. I am not qualified to answer it. My first thought is that you would not be liable but many blogs are moderated and so there could be a gray area if you approve the posting of a comment. As I said, though, I am not the right person to ask on the subject. Thanks for reading JurInnov security spotlight.

  1. You made some good points there. I did a search on the topic and found that you are right about the risks this presents.
