Archive for Security

WebEx takes credit cards insecurely!

A colleague of mine just tried signing up for a WebEx service. When he got to the “Please enter billing and credit card information” section, he noticed a funny symbol in the bottom of FireFox: firefox_partially_secure.png

This symbol means “partially secure” and we got to wondering why this came up. Now I’m not sure this is the reason, but here’s the worrying thing we discovered:

webex_insecure_cc.png
Click the image for the big picture. What you can see there is the form information as displayed by the Web Developer Toolbar, and if you look at the top left of the form, you’ll see it’s submitting to http, which means your credit card details are being sent without encryption!
Needless to say, my colleague did not complete the process and WebEx may have lost a sale.

Advertisements

Leave a Comment

Friends Reunited

Friends Reunited Password

Friends Reunited show your password in clear text on an insecure (HTTP) page.

I emailed them to tell them I was concerned, and was reassured (unfortunately I can’t find the email any more) that the page was perfectly safe, as you’d need my password to get there in the first place.

I replied to tell them that the password was being displayed clear text on a page that had not been secured with an SSL certificate, and hence the whole HTML page was probably cached on a number of servers in-between (such as my ISP’s). No further response was forthcoming.

Leave a Comment