PDA

View Full Version : Buying Platinum is STILL unsecure



Lochar
05-01-2014, 04:03 PM
Each patch, I keep testing your Buy Platinum link.

Each patch, it still does not redirect to an HTTPS link.

Yes, I realize it's a HTTPS iframe inside the HTTP webpage. Doesn't mean jack. If the HTTP page is compromised, an adversary can redirect the HTTPS iframe to wherever the hell they want.


Since the webpage can be put to https without issue (I've bought platinum this way), can you PLEASE update the button to automatically make a secure connection?

Mejis
05-01-2014, 05:33 PM
Yeah I'd like to see this too.

I'm not particularly savvy, but when I clicked the link and didn't see the secure icon on the Chrome browser address bar, I closed the tab and decided I'll buy some plat later when I feel more comfortable.

Yes I know I can use paypal and all should be fine, but I'd still rather see some comforting security info.

Zomnivore
05-01-2014, 05:55 PM
If you can figure it out, then there really is no excuse.

I bet its a case of they're swamped... but ya. That needs to happen very quickly.

Kitsune
05-06-2014, 01:27 PM
The thing is, it's stupidly easy to set up a website to require SSL. I set it up on my server in just like five minutes; whenever a user attempts to browse my website insecurely it automatically redirects them to a https url and encrypts the connection. There's no excuse for any professional webmaster to not have this configured on their website.

Showsni
05-06-2014, 02:16 PM
Maybe they just want to avoid Heartbleed by not having any SSL set up? :D

nicosharp
05-06-2014, 02:18 PM
I was taken to an Https paypal link yesterday. I was fine with that. Didn't turn the link green in firefox like it should for assured protection, but I felt safe enough to proceed.

Chark
05-06-2014, 02:19 PM
This is fixed.