| Archive for Downsizer For an ethical approach to consumption |
| Bugs |
How can you tell if a site is secureI went to place an order on a site last night; just about to fill in my credit card details when I realised there was no padlock symbol anywhere on my browser which seemed odd to me.I looked on the Page Info bit on Firefox and the security tab and it says Web Site Identity not Verified and then below that Connection not Encrypted, Website....does not support encryption for the page you are viewing. This morning I have emailed the company, which is a site I know quite a few people (possibly here, as well) have used. Any thoughts, does it sound really shifty or is there something I have not spotted? I don't know if I should say which site it is? |
||
| sally_in_wales |
I thought that if the addy started with https, rather than http it was supposed to be secure? | ||
| Bugs |
Ah yes, that was the other thing, I thought that too.
It doesn't 
Not looking good for poor old site... |
||
| Mrs Fiddlesticks |
Sometimes you have a message that says their security certificate or similar has expired. Is it that?
But I'd ring them all the same! |
||
| jema |
Site security is IMHO an overrated gimmick. there has *never* been to my knowledge a case of credit card details being pulled by criminals as they are transmitted.
Do you worry about your phone being tapped when you give details over the phone? |
||
| Treacodactyl |
Re: How can you tell if a site is secure
The site in question does state is uses SSL (Secure Sockets Layer?) and when using IE5 with 128bit encryption the shopping cart wouldn't display. How do you know the link is SSL? |
||
| dougal |
Terminology, terminology, technology...
If you make an SSL connection to a site, your browser should indicate that to you - conventionally with a padlock symbol. It is a *convention* that a site requiring an SSL connection would have an httpS name. But this doesn't seem to be absolutely *required*... http://www.webopedia.com/TERM/S/SSL.html However Bugs' original question was "How can you tell if the site is secure?" The padlock tells you whether the *connection* is secure (ie the data passing over the public internet is encrypted, rather than being sent as ordinary easily readable text) - but that doesn't guarantee that the *site* itself is secure... The difference with the net is that it *may* be much easier to establish a convincing "front" (from wherever in the world), and then disappear. When you give your credit card details over the phone, that is not encrypted - and so potentially open to evesdropping, and you have no guarantee whatsoever of the security of whoever you are giving your details to... 
I'd suggest that if a site dealing with money can't impliment a secure connection, then there's more chance that those guys may be rather lax in other areas of security. |
||
| Treacodactyl |
Problem solved. The site is using frames (not sure if that's the correct tech term) and always thinks it's http://www.brisa.fi/start3.html. If I right click and look at the properties and cut and paste where it thinks I am into an new tab or browser then I do see the padlock! Not seen a site like this before but I'm now happy to order from them. Thanks for the help and if anyone wants a more detailed explanation please ask. | ||
| jema |
You should probably tell them! | ||
| Treacodactyl |
It was sorted over on a forum they use and I have PMed them advising that other people may not order if they don't see the padlock and secure message. Hopefully if anyone has a problem then the thread will help them until the site is amended. |