MicrostockGroup Sponsors

Envato Elements

Author Topic: Cutcaster tax forms online - Secure? SSN risk?  (Read 2669 times)

0 Members and 1 Guest are viewing this topic.

EmberMike

« on: March 26, 2013, 16:57 »
0

I just got my 1099 form from Cutcaster. Better late than never, I guess.

Upon saving it to my computer I realized that all I had to do to access it was click on a link to a PDF file in an email. I'm no web security expert but doesn't this seem sort of non-secure? The file URL is a standard http (not https) and I didn't have to log in to view it. Just click the link and there it goes.

If anyone were to gain access to my email they could easily see this form and my Social Security Number. Not to mention the possibility of someone being able to somehow access this non-secure directory on the Cutcaster website and potentially get lots of SSNs complete with names, addresses, etc.


« Reply #1 on: March 26, 2013, 17:54 »
0

I just got my 1099 form from Cutcaster. Better late than never, I guess.

LOL. I was thinking they missed the party when I got that today. 2012 taxes are already done.

EmberMike

« Reply #2 on: March 27, 2013, 18:32 »
0

Just to follow up on this, I asked a friend in the web security business about this and he made the comment that there is a saying in his line of work: "Security through obscurity is not security." In other words, these forms are not safe in the manner in which Cutcaster is distributing them.

I've emailed them again asking that my form be taken offline, and am still awaiting a response.


« Reply #3 on: August 30, 2013, 11:03 »
0
Hmm, I wonder if they could have the form available from the site "when you login" to your secure area?  :)

Spectral-Design.net

« Reply #4 on: August 30, 2013, 11:49 »
0
Regular email is not secure. Both communicating sides would have to install GPG (a encryption standard/tool) to be able to send information savely over the Internet. GPG is the open source Version of PGP, which nowadays cannot be assumed to be secure anymore since it is closed source and driven by a private company.

See: http://en.wikipedia.org/wiki/GNU_Privacy_Guard

Sadly, nowadays, we are far too little sensitive about our information. We live like privacy kamikazes always assuming / hoping that everything will be alright.
« Last Edit: August 30, 2013, 12:28 by Spectral-Design.net »


 

Related Topics

  Subject / Started by Replies Last post
7 Replies
2833 Views
Last post November 14, 2006, 16:58
by Bateleur
19 Replies
4399 Views
Last post May 13, 2008, 05:38
by maunger
4 Replies
2105 Views
Last post September 05, 2009, 18:30
by Jonathan Ross
7 Replies
3300 Views
Last post August 03, 2010, 20:04
by sweetgirll
16 Replies
3406 Views
Last post December 14, 2017, 13:09
by Chichikov

Sponsors

Microstock Poll Results