[clue] security question
Philipp Giddings
webmaster at continentalbook.com
Mon Mar 26 16:01:29 MDT 2012
go to this page
https://secure.kimbia.com/secure/F276DAN9GW
same form with https calls not obscured
On 3/26/2012 10:33 AM, Dan Kulinski wrote:
> At this point either email their webmaster and mention your findings
> or call them up to register and see if they have an alternative form
> of payment.
>
> Dan
>
> On Mon, Mar 26, 2012 at 10:32 AM, Mike Bean <beandaemon at gmail.com
> <mailto:beandaemon at gmail.com>> wrote:
>
> That's it, the browser thinks it's not secure, or more
> importantly, lastpass thinks it is (not secure). And the browser
> resolves as runforyourlives.com <http://runforyourlives.com>, not
> https. that's what's making me nervous!
>
> Bean
>
>
> On Mon, Mar 26, 2012 at 10:29 AM, Dan Kulinski
> <daniel at kulinski.net <mailto:daniel at kulinski.net>> wrote:
>
> What part are you worried about? Did you check their
> certificate? Your browser will warn you if you submit a form
> over a non-secure channel from an HTTPS page. You can check
> the form and make sure it isn't submitting to a non-secure
> page (if it is an absolute path that begins with http:// that
> is bad).
>
> Dan
>
> On Mon, Mar 26, 2012 at 10:25 AM, Mike Bean
> <beandaemon at gmail.com <mailto:beandaemon at gmail.com>> wrote:
>
> Briefly, I want to register for the denver run of
> http://runforyourlives.com/ , but I can't just take their
> word for it that their site is secure just because it has
> a footnote at the bottom that says, "this site is
> secure". Well, if that were true, wouldn't it show up
> with the browser lock icon or https:, in the URL? Is it
> possible it's just a @#$@#$@#$ implementation of SSL? Is
> there another way which I am not aware of to do the
> needful on a site security before rendering a credit card
> number onto them?
>
> Bean
>
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> <mailto:clue at cluedenver.org>
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
>
>
>
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> <mailto:clue at cluedenver.org>
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
>
>
>
> _______________________________________________
> clue mailing list: clue at cluedenver.org <mailto:clue at cluedenver.org>
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
>
>
>
>
> _______________________________________________
> clue mailing list: clue at cluedenver.org
> For information, account preferences, or to unsubscribe see:
> http://cluedenver.org/mailman/listinfo/clue
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://cluedenver.org/pipermail/clue/attachments/20120326/aafdafae/attachment.html
More information about the clue
mailing list