myfavouritemagazines payment page partially encrypted


Postby Fíona » Mon Feb 17, 2014 9:28 pm

I was going to fill in my credit card details on the renewal page of the My favourite magazines website when I noticed a warning icon in the URL field.
Apparently the site is partially encrypted.

"Parts of the page you are viewing were not encrypted before being transmitted over the internet. Information sent over the internet without encryption can be seen by other people while it is in transit."

Should I really fill in credit card details on this page?
Fíona
 

Postby pastychomper » Tue Feb 18, 2014 1:27 pm

Depending on your browser, you might be able to right-click on part of the page and get security details for that area. A lot of sites encrypt only a small frame containing the password/card details/whatever, or alternatively encrypt most of the page but leave an unencrypted area for adverts. Personally I wish they would do all or nothing as it makes it much easier to be sure. :P

The encrypted parts should be just as secure as if the whole page was encrypted. The fact that there's less to decrypt may be an advantage to some potential crackers, but then again having less information can make codebreaking harder.
pastychomper
 

Postby Fíona » Wed Feb 19, 2014 9:11 am

Thanks for your reaction Pastychomper. I agree with you to a point, namely, we don't know which parts of the page are encrypted. We assume or hope that the vital parts, i.e. bank details, are encrypted but we don't know.
I found some information from Firefox (the browser I use) http://mzl.la/MDvkxK
"When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be secure, it isn't."

This would seem to be the case with myfavouritemagazine's subscription page, with a blocked content icon and the warning triangle icon.
Fíona
 

Postby nelz » Wed Feb 19, 2014 9:47 am

Somewhere in the HTTP standards it states that if a page is served over SSL, all content on that page must also be served over SSL.

I suspect that the non-SSL content is from the ad servers, but that should not happen. Try installing Ghostery, if it's available for Firefox - I use it on Chromium, or one of the ad-block extensions to see what it tells you.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
nelz
Site admin
 

Postby Fíona » Wed Feb 19, 2014 12:27 pm

Hi Nelz and thanks for your reaction.
Ghostery tells me that on the payment page it finds 4 trackers:
Digital Analytix Analytics
Google Analytics Analytics
Maxymiser Beacons
SaleCycle advertising

but this doesn't help me to understand if my credit card details are being transmitted encrypted and unfortunately myfavourite mags are only responding with automated replies to my mails, up to now.
Fíona
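
Added example, not part of the original thread: a static check over a saved copy of an HTTPS page that lists which resources are fetched over plain HTTP and whether the form posts to an HTTP target, which is the question a tracker list cannot answer. The class and function names, the sample HTML and all host names are constructed for illustration; resources that scripts add at run time are not visible to this check and only show up in the browser's own network view.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# (tag, attribute) -> class of mixed content. "active" loads can rewrite the
# page, including the payment form; "passive" loads are only displayed.
KIND = {("script", "src"): "active", ("iframe", "src"): "active",
        ("link", "href"): "active", ("img", "src"): "passive",
        ("audio", "src"): "passive", ("video", "src"): "passive"}


class MixedContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []  # (kind, tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page URL itself.
            self._check("form-target", tag, attrs.get("action") or "")
        if tag == "link" and "stylesheet" not in (attrs.get("rel") or "").lower():
            return  # canonical/icon links are not treated as active content here
        for (t, attr), kind in KIND.items():
            if t == tag and attrs.get(attr):
                self._check(kind, tag, attrs[attr])

    def _check(self, kind, tag, ref):
        url = urljoin(self.page_url, ref)  # resolves relative and //host URLs
        if urlparse(url).scheme == "http":
            self.findings.append((kind, tag, url))


def audit(page_url, html):
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return parser.findings


# Constructed sample page; all host names are placeholders.
SAMPLE = """<html><head>
<link rel="stylesheet" href="/css/site.css">
<script src="http://tracker.example/beacon.js"></script>
</head><body><img src="http://ads.example/banner.png">
<script src="//cdn.example/lib.js"></script>
<form action="/checkout/pay" method="post"><input name="card"></form>
</body></html>"""

if __name__ == "__main__":
    print(audit("https://shop.example/renew", SAMPLE))
```

An "active" finding matters even when the form target is HTTPS, because a script delivered over HTTP can be altered in transit and then read or redirect what is typed into the form.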
 

Postby nelz » Wed Feb 19, 2014 3:42 pm

Fíona wrote: but this doesn't help me to understand if my credit card details are being transmitted encrypted


No it doesn't, which is why mixing HTTP and HTTPS on one page is wrong.
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
nelz
Site admin
 

Postby Fíona » Thu Feb 20, 2014 5:37 pm

This is the answer from Future magazines:

"How secure are my credit card details?

Rest assured all your details are safe with us. All transactions are performed on a secure web server.

All information you provide is encrypted (scrambled) using the industry standard SSL (Secure Socket Layer) technology provided by Verisign. So when you submit an order online, nothing can be read as it travels down the secure line. Your details are then applied to our subscription system, which resides in a completely separate, unlinked area, away from our internet pages."

Would this reassure you?
Fíona
 

Postby oldpenguin » Sun Feb 23, 2014 8:30 pm

I pulled the plug on my modem once when I had a familiar "blink" of my desktop.
Discovered a snapshot of my screen in /tmp. There was nothing all that private, so
when the modem resynced, the snapshot was gone. YEAH, I'd be very careful.
oldpenguin
 

