Agency Based Discussion > Cutcaster

Cutcaster tax forms online - Secure? SSN risk?

(1/1)

EmberMike:

I just got my 1099 form from Cutcaster. Better late than never, I guess.

Upon saving it to my computer I realized that all I had to do to access it was click on a link to a PDF file in an email. I'm no web security expert but doesn't this seem sort of non-secure? The file URL is a standard http (not https) and I didn't have to log in to view it. Just click the link and there it goes.

If anyone were to gain access to my email they could easily see this form and my Social Security Number. Not to mention the possibility of someone being able to somehow access this non-secure directory on the Cutcaster website and potentially get lots of SSNs complete with names, addresses, etc.

cthoman:

--- Quote from: EmberMike on March 26, 2013, 16:57 ---
I just got my 1099 form from Cutcaster. Better late than never, I guess.

--- End quote ---

LOL. I was thinking they missed the party when I got that today. 2012 taxes are already done.

EmberMike:

Just to follow up on this, I asked a friend in the web security business about this and he made the comment that there is a saying in his line of work: "Security through obscurity is not security." In other words, these forms are not safe in the manner in which Cutcaster is distributing them.

I've emailed them again asking that my form be taken offline, and am still awaiting a response.

KimsCreativeHub:
Hmm, I wonder if they could have the form available from the site "when you login" to your secure area?  :)

Spectral-Design.net:
Regular email is not secure. Both communicating sides would have to install GPG (a encryption standard/tool) to be able to send information savely over the Internet. GPG is the open source Version of PGP, which nowadays cannot be assumed to be secure anymore since it is closed source and driven by a private company.

See: http://en.wikipedia.org/wiki/GNU_Privacy_Guard

Sadly, nowadays, we are far too little sensitive about our information. We live like privacy kamikazes always assuming / hoping that everything will be alright.

Navigation

[0] Message Index