Geekzone: technology news, blogs, forums
itxtme
  #884557 26-Aug-2013 11:13

Can someone explain to me the worst case scenario of this particular page not being encrypted?? I would have thought all of the information is publicly available anyway, from this page.



freitasm
  #884561 26-Aug-2013 11:17

Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?





 


scowie
  #884575 26-Aug-2013 11:41

Nope, it's a different page, you can try it here


Jebus, so they manage to use ssl in one place but not the other.



Zeon
  #884605 26-Aug-2013 12:28

freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


Still pretty unlikely but not good either way.






sleemanj
  #884646 26-Aug-2013 13:17

Zeon:
freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


Still pretty unlikely but not good either way.


Geekzone users know better, but Joe Public is quite likely to be accessing trademe and using this page over random wifi networks for a start :-)







---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


1080p
  #884710 26-Aug-2013 14:27

sleemanj:
Zeon:
freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


Still pretty unlikely but not good either way.


Geekzone users know better, but Joe Public is quite likely to be accessing trademe and using this page over random wifi networks for a start :-)





This would be hilarious to demonstrate over TradeMe's free wi-fi in Wellington. :)

 
 
 
 

freitasm
  #884828 26-Aug-2013 16:31

I am told this has now been fixed by Trade Me. Anyone care to check please?





 


sleemanj
  #884840 26-Aug-2013 16:43

freitasm: I am told this has now been fixed by Trade Me. Anyone care to check please?


Yes, fixed.





---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


itxtme
  #884952 26-Aug-2013 20:10

freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


I understood if you choose the credit card pay option it redirected to SSL, so the only details that could be intercepted would be what you purchased..  That's why I thought it was somewhat out of proportion..

kyhwana2
  #884962 26-Aug-2013 20:30

itxtme:
freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


I understood if you choose the credit card pay option it redirected to SSL, so the only details that could be intercepted would be what you purchased..  That's why I thought it was somewhat out of proportion..


As per the OP screenshot, they'd already chosen the credit card option? Even if the iFrame is SSL, it doesn't matter since the actual page is loaded over HTTP and you can just replace that iframe with whatever you want when you MITM someone. (2degrees used to have this problem with their topup page too)


sleemanj
  #884963 26-Aug-2013 20:34

itxtme:
freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


I understood if you choose the credit card pay option it redirected to SSL, so the only details that could be intercepted would be what you purchased.


No.  The page where you entered your CC details, and the URL that form submitted to, were not SSL secured in any way.

From what I can see, this only applied to MQL (Multi Quantity Listings) with Pay Now as an option (which switches on the "new" integrated checkout process introduced last month).






---
James Sleeman
I sell lots of stuff for electronic enthusiasts...
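
Added example, not part of the thread and not any poster's code: a static check for the two conditions described in the posts above, a card or password form served from or submitting to plain HTTP, and an HTTPS iframe embedded in an HTTP parent page. The sample markup, host names, field-name hints and finding labels are all constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SENSITIVE_HINTS = ("card", "ccv", "cvv", "expiry", "password")  # assumed field-name hints
# Constructed sample markup with hypothetical hosts, not the real site's checkout page.
SAMPLE_PAGE = '''<form action="/pay" method="post">
<input name="card_number"><input name="ccv"></form>
<iframe src="https://payments.example/frame"></iframe>'''

class TransportAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_secure = urlparse(page_url).scheme == "https"
        self.findings = []
        self._action = None    # resolved action URL of the form being parsed
        self._checked = False  # each form is evaluated once

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            # A missing or empty action posts back to the page's own URL.
            self._action = urljoin(self.page_url, a.get("action") or "")
            self._checked = False
        elif tag == "iframe" and not self.page_secure:
            src = urljoin(self.page_url, a.get("src") or "")
            if urlparse(src).scheme == "https":
                # The frame is encrypted, but the parent that names it is not,
                # so whoever controls the network controls which frame loads.
                self.findings.append(("https-iframe-in-http-page", src))
        elif tag == "input" and self._action and not self._checked:
            name = (a.get("name") or "").lower()
            if a.get("type") != "password" and not any(h in name for h in SENSITIVE_HINTS):
                return
            if urlparse(self._action).scheme != "https":
                self.findings.append(("sensitive-form-posts-in-clear", self._action))
            elif not self.page_secure:
                self.findings.append(("sensitive-form-on-http-page", self._action))
            self._checked = True

    def handle_endtag(self, tag):
        if tag == "form":
            self._action = None

def audit(page_url, html):
    """Return (finding, url) tuples for one page fetched from page_url."""
    parser = TransportAudit(page_url)
    parser.feed(html)
    return parser.findings
```

The same markup served from an `https://` URL produces no findings, because the relative form action then resolves to HTTPS and the parent page itself is protected.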


 
 
 
 

grasshoper

  #884967 26-Aug-2013 20:48

Yep, definitely fixed. Glad to see trademe listening to the public :D

PaulBags
  #884980 26-Aug-2013 21:22

Would still appreciate secured logins & for https to not just redirect to http.

Oh well, I don't think much of trademe anyway. Been years since I bought anything there, and longer still since I sold anything.

lyonrouge
  #990493 19-Feb-2014 14:28

PaulBags: Would still appreciate secured logins & for https to not just redirect to http.

Oh well, I don't think much of trademe anyway. Been years since I bought anything there, and longer still since I sold anything.


They requested I log in and update my address validation, but it's still unencrypted. I wonder if their mobile application is also unencrypted? Is there a way to tell?

kenkeniff
  #990504 19-Feb-2014 14:51

lyonrouge:
PaulBags: Would still appreciate secured logins & for https to not just redirect to http.

Oh well, I don't think much of trademe anyway. Been years since I bought anything there, and longer still since I sold anything.


They requested I log in and update my address validation, but it's still unencrypted. I wonder if their mobile application is also unencrypted? Is there a way to tell?


Wireshark
