1627 posts

Uber Geek
+1 received by user: 276

Subscriber

  Reply # 884557 26-Aug-2013 11:13

Can someone explain to me the worst case scenario of this particular page not being encrypted?? I would have thought all of the information is publicly available anyway, from this page.

BDFL - Memuneh
61521 posts

Uber Geek
+1 received by user: 12241

Administrator
Trusted
Geekzone
Lifetime subscriber

  Reply # 884561 26-Aug-2013 11:17
2 posts

Wannabe Geek


  Reply # 884575 26-Aug-2013 11:41

Nope, it's a different page, you can try it here


Jebus, so they manage to use ssl in one place but not the other.

3415 posts

Uber Geek
+1 received by user: 405

Trusted

  Reply # 884605 26-Aug-2013 12:28

freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


Still pretty unlikely but not good either way.





1255 posts

Uber Geek
+1 received by user: 161


  Reply # 884646 26-Aug-2013 13:17

Zeon:
freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


Still pretty unlikely but not good either way.


Geekzone users know better, but Joe Public is quite likely to be accessing trademe and using this page over random wifi networks for a start :-)







---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


1332 posts

Uber Geek
+1 received by user: 152
Inactive user


  Reply # 884710 26-Aug-2013 14:27

sleemanj:
Zeon:
freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


Still pretty unlikely but not good either way.


Geekzone users know better, but Joe Public is quite likely to be accessing trademe and using this page over random wifi networks for a start :-)





This would be hilarious to demonstrate over TradeMe's free wi-fi in Wellington. :)

BDFL - Memuneh
61521 posts

Uber Geek
+1 received by user: 12241

Administrator
Trusted
Geekzone
Lifetime subscriber

1255 posts

Uber Geek
+1 received by user: 161


  Reply # 884840 26-Aug-2013 16:43

freitasm: I am told this has now been fixed by Trade Me. Anyone care to check please?


Yes, fixed.





---
James Sleeman
I sell lots of stuff for electronic enthusiasts...


1627 posts

Uber Geek
+1 received by user: 276

Subscriber

  Reply # 884952 26-Aug-2013 20:10

freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


I understood if you choose the credit card pay option it redirected to SSL, so the only details that could be intercepted would be what you purchased. That's why I thought it was somewhat out of proportion.

2445 posts

Uber Geek
+1 received by user: 146


  Reply # 884962 26-Aug-2013 20:30

itxtme:
freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


I understood if you choose the credit card pay option it redirected to SSL, so the only details that could be intercepted would be what you purchased. That's why I thought it was somewhat out of proportion.


As per the OP screenshot, they'd already chosen the credit card option? Even if the iframe is SSL, it doesn't matter since the actual page is loaded over HTTP and you can just replace that iframe with whatever you want when you MITM someone. (2degrees used to have this problem with their topup page too)


1255 posts

Uber Geek
+1 received by user: 161


  Reply # 884963 26-Aug-2013 20:34

itxtme:
freitasm: Someone intercepting your credit card number, expiry, name and CCV in transit to TM servers?


I understood if you choose the credit card pay option it redirected to SSL, so the only details that could be intercepted would be what you purchased.


No. The page where you entered your CC details, and the URL that form submitted to, were not SSL secured in any way.

From what I can see, this only applied to MQL (Multi Quantity Listings) with Pay Now as an option (which switches on the "new" integrated checkout process introduced last month).






---
James Sleeman
I sell lots of stuff for electronic enthusiasts...
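
The two conditions described in the replies above (a card form served and submitted over plain HTTP, and an HTTPS iframe embedded in an HTTP parent page) can be checked mechanically from a page's URL and markup. The following is an added example, not part of the original thread or Trade Me's code; the `audit_page` helper, the field-name hints and the `shop.example` / `pay.example` pages are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed field-name hints; adjust to the forms you are auditing.
SENSITIVE_HINTS = ("card", "ccv", "cvv", "expiry", "password")

# Constructed sample markup (not taken from any real site).
FORM_PAGE = '<form action="/pay"><input name="card_number"><input name="ccv"></form>'
IFRAME_PAGE = '<p>Pay Now</p><iframe src="https://pay.example/frame"></iframe>'


class _Collector(HTMLParser):
    """Collects form actions, iframe sources and sensitive input names."""

    def __init__(self):
        super().__init__()
        self.forms, self.iframes, self.sensitive = [], [], []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self.forms.append(a.get("action") or "")
        elif tag == "iframe" and a.get("src"):
            self.iframes.append(a["src"])
        elif tag == "input":
            name = (a.get("name") or "").lower()
            if a.get("type") == "password" or any(h in name for h in SENSITIVE_HINTS):
                self.sensitive.append(name)


def audit_page(page_url, html):
    """Return transport-security findings for markup fetched from page_url."""
    c = _Collector()
    c.feed(html)
    findings = []
    page_secure = urlparse(page_url).scheme == "https"
    if not page_secure and c.sensitive:
        findings.append("sensitive inputs on a page delivered over HTTP: " + ", ".join(c.sensitive))
    for action in c.forms:
        target = urljoin(page_url, action)  # empty action posts back to the page URL
        if urlparse(target).scheme != "https":
            findings.append("form submits in cleartext to " + target)
    for src in c.iframes:
        target = urljoin(page_url, src)
        # An HTTPS frame gives no assurance when the parent markup is unauthenticated.
        if not page_secure and urlparse(target).scheme == "https":
            findings.append("HTTPS iframe " + target + " inside HTTP parent page")
    return findings
```

Serving the same form markup from an `https://` page URL produces no findings, which is the state the later replies report after the fix.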




149 posts

Master Geek
+1 received by user: 2


  Reply # 884967 26-Aug-2013 20:48

yep, definitely fixed. Glad to see trademe listening to the public :D

810 posts

Ultimate Geek
+1 received by user: 191
Inactive user


  Reply # 884980 26-Aug-2013 21:22

Would still appreciate secured logins & for https to not just redirect to http.

Oh well, I don't think much of trademe anyway. Been years since I bought anything there, and longer still since I sold anything.

1990 posts

Uber Geek
+1 received by user: 20

Trusted
Lifetime subscriber

  Reply # 990493 19-Feb-2014 14:28

PaulBags: Would still appreciate secured logins & for https to not just redirect to http.

Oh well, I don't think much of trademe anyway. Been years since I bought anything there, and longer still since I sold anything.


They requested I log in and update my address validation, but it's still unencrypted. I wonder if their mobile application is also unencrypted? Is there a way to tell?

563 posts

Ultimate Geek
+1 received by user: 89


  Reply # 990504 19-Feb-2014 14:51

lyonrouge:
PaulBags: Would still appreciate secured logins & for https to not just redirect to http.

Oh well, I don't think much of trademe anyway. Been years since I bought anything there, and longer still since I sold anything.


They requested I log in and update my address validation, but it's still unencrypted. I wonder if their mobile application is also unencrypted? Is there a way to tell?


Wireshark




