Am I the only one that finds this disturbing? I originally found it through Shoemoney's blog and I made my own post about it here: http://www.subnixus.com/2005/11/27/chitika-runs-on-postnuke Shoemoney wrote: "WHAT?????!?! ARE YOU FRICKIN KIDDING ME!! The backend reporting and authentication is all being handled by postnuke? The most insecure CMS Ever? I know because I was a developer with the Postnuke project for 6 years. I was truely shocked and amazed by this."
also just to clarify the whole site is running under the postnuke cms once you log in... and it appears to be a exploitable version although I am not going to test it.
They will have to make some major improvements thats for sure. It all appears to me that its to much manipulative.
I suppose Hackers could not only steal revenues but private PayPal information as well!!!! Skimming clicks/revenues is one thing - the thought of having my PayPal info hacked is a whole n'other matter WOW - this is starting to make me not want to go with this group - even if I am accepted
Chitika doesn't ask you for any "private PayPal information" other than your account email address. So if someone were to hack into Chitika they would still need to hack into PayPal as well since Chitika doesn't have any of your PayPal details other than your email address. And if you are worried about someone hacking into Chitika and figuring out your PayPal email address.... why go to that length when they can just go to the website listed in your sig and pull it from the HTML source?
You are correct on that, tflight - they would not have my password. You are making a giant assumption here that I have only one email address...
Even so, the fact that Chitika uses PostNuke doesn't really make your PayPal account more susceptible to being hacked.