Archive for Shamed

NRMA insures Internet Explorer users

It’s official, NRMA, an Australian insurance company, won’t give you a quote for travel insurance unless you use Internet Explorer.

NRMA insures Internet Explorer users

Personally, I find this discriminatory. I’m not sure if there are laws to protect potential customers from discriminatory behaviour (there are if you’re a potential employee, and might be if you’re an existing customer).

I did the neighbourly thing and sent a message to them using their feedback form and will update this site if I hear back from them.


Leave a Comment

WebEx takes credit cards insecurely!

A colleague of mine just tried signing up for a WebEx service. When he got to the “Please enter billing and credit card information” section, he noticed a funny symbol in the bottom of FireFox: firefox_partially_secure.png

This symbol means “partially secure” and we got to wondering why this came up. Now I’m not sure this is the reason, but here’s the worrying thing we discovered:

Click the image for the big picture. What you can see there is the form information as displayed by the Web Developer Toolbar, and if you look at the top left of the form, you’ll see it’s submitting to http, which means your credit card details are being sent without encryption!
Needless to say, my colleague did not complete the process and WebEx may have lost a sale.

Leave a Comment

Queensland Holidays

I entered a comp to win a holiday in Queensland a few months ago and got a promo email today. At the end of the email was a "follow this link to unsubscribe" link, and I did just that.

Now usually, that will take you to a page that says "You're unsubscribed". At worst, it might ask for my email address (although that information could have been passed to the page from the link in the email).

This site, however, decided that it would ask for an email address, and then send me an email with instruction on how to unsubscribe!

I just got this email:

Hi Ben,

You have requested to remove your subscription from the Queensland Holidays mailing list.

To confirm your request, please visit this link within 14 days.

This message was automatically generated by the Queensland Holidays mailing list.

I was half expecting to follow the link and be asked for my email address again, but luckily it just told me my subscription has been removed. Phew!

Leave a Comment

Friends Reunited

Friends Reunited Password

Friends Reunited show your password in clear text on an insecure (HTTP) page.

I emailed them to tell them I was concerned, and was reassured (unfortunately I can’t find the email any more) that the page was perfectly safe, as you’d need my password to get there in the first place.

I replied to tell them that the password was being displayed clear text on a page that had not been secured with an SSL certificate, and hence the whole HTML page was probably cached on a number of servers in-between (such as my ISP’s). No further response was forthcoming.

Leave a Comment