The dangers of using UFC's Fight Pass

fobarfobar Posts: 27,337Free
There are a number of potentially serious security questions about the UFC's Fight Pass service, unfortunately the promotion isn't interested in answering them at this time.

The UFC's Fight Pass has launched to mixed reviews. Generally the feeling is that once it's up and running as promised, it's going to be pretty great. There are a few teething problems at the moment - in terms of content delivery and user friendliness - which Trent Reinsmith covered in detail here.

My concern is less with that, and more with the security and support side of things. My background is in developing software solutions for companies' online web presence, and security of user data is a pretty fundamental pillar of that. The security of user data on UFC.TV, which is the home of the user data for fight pass, has some flaws which are sounding alarms with many, myself included.

User passwords are shown in plain text (you can test this by telling the UFC.TV site you forgot your password. They'll email you your own password.) In short, what this means is your password is at some point visible to anyone with access to the UFC's user database. That means UFC employees, and anyone who may gain access to it through nefarious means, such as hacking the UFC's DB server, which is a relatively common type of web hack, can see the password you use on UFC.TV.

MORE here: http://www.bloodyelbow.com/2014/1/13/5295434/ufc-fight-pass-security-issues-credit-cards-hackers-fraud
image
image

Tagged:
«1

Comments

Sign In or Register to comment.