Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

While I trust him, how can we be sure that paymentiframe.com starts serving an iframe that steals the credit cards in the future?


From the page:

> Why should I trust you?

> [...] If you're worried about both, consider this a proof-of-concept which you should replicate on your own server (using a separate domain name from the rest of your site).


Yeah nobody should be embedding this verbatim to process payments that will fail any pci audit.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: