Secure shopping online

I was about to make a purchase from a fairly reputable online shop when I noticed that the page where you enter your card details wasn’t https, just http.

Should I be concerned? The site is www.chillblast.com

It has the Thawte secure site seal, but I thought that the page where you enter card details should at least have the padlock at the foot of it?

If you click on the Thawte secure symbol, it takes you to a secure server, so I can’t understand why it isn’t a secure server for the shopping cart :shrug:

I myself would be wary, but Barry has always said I’m paranoid :stuck_out_tongue:

I followed a purchase as far as totaling the cart and asking for my info. The site was still not secured at that point. They were lacking any form of encryption. I would guess they did not implement their security correctly.

Try calling their customer service and ask how they are trying to provide secure purchases without encryption. Might open their eyes to their seeming mistake.

Originally posted by Hidden_Spirit
I myself would be wary, but Barry has always said I’m paranoid

Digital paranoia is a good thing :wink:

Well I ended up ordering from them anyway. I followed the Thawte link, and it seemed to be ok…maybe it works in a different way?

Some sites use Java behind the scenes to encrypt and transmit the details, though in reality it should be mentioned.

Maybe just overlooked on their part.

Wouldn’t you need java running on the client side to encrypt the data you are sending them? Between your computer and their server there needs to be some kind of encryption. No java client started on my system :confused:

I’ve dropped them a message voicing my concerns. I’ll let you know what they come back with.

It seems there was a problem. Just had this email in reply…

[i]Hi Karl,

I apologise for the lack of secure encryption for your order. We made some changes to our config file and it appears that the https protocol was overwritten. All details are protected and once again I apologise for the problem with your order. I have alerted our coder who will fix this.

Let me know if you require further information.

Kind regards

Amil[/i]

:eek:

Cool that they replied back :slight_smile:

and on new years day :slight_smile:

Nice to see that is sorted. Just think, that was your first good deed for the new year… and some coder’s first headache… :chuckle:

Originally posted by Bibby
[B]It seems there was a problem. Just had this email in reply…

[i]Hi Karl,

I apologise for the lack of secure encryption for your order. We made some changes to our config file and it appears that the https protocol was overwritten. All details are protected and once again I apologise for the problem with your order. I have alerted our coder who will fix this.

Let me know if you require further information.

Kind regards

Amil[/i]

:eek: [/B]

See I knew I was right to be paranoid :stuck_out_tongue:

What are the odds of someone getting your details as you enter them on a page like that? Not that I’m a little bit concerned or anything…:uhh:

Not that I’m a little bit concerned or anything…

be afraid, be VERY afraid…:eek:

I don’t think the odds really matter. Only play the odds when you can afford to lose. Probably nobody was filtering the transmitted data… but then, you never know. If someone was filtering net traffic for credit card number strings you could be vulnerable. :eek:

I wonder how long it had been like that?

If it was like that for a while, then there is a good chance some credit card details got leaked.

Chillblast could get in trouble for that.

Hmmm…well if random shopping sprees start to appear on my statement, at least I know where it’s come from.

don’t mean to scare you but that hole has been known for some time…

Originally posted by Apex
don’t mean to scare you but that hole has been known for some time…

What do you mean mate?

Is this just scaremongering Apex, or do you know something I should also know? If you did know about it, why have you not said anything before, when you know we all shop online from hardware retailers?

I have contacted Thawte with regards to this matter, as I’m not overly impressed.