Linux Format forums Forum Index Linux Format forums
Help, discussion, magazine feedback and more
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 

myfavouritemagazines payment page partially encrypted

 
Post new topic   Reply to topic    Linux Format forums Forum Index -> Magazine and coverdiscs
View previous topic :: View next topic  
Author Message
Fíona



Joined: Sun Mar 09, 2008 5:29 pm
Posts: 56
Location: Netherlands

PostPosted: Mon Feb 17, 2014 9:28 pm    Post subject: myfavouritemagazines payment page partially encrypted Reply with quote

I was going to fill in my credit card details on the renewal page of the My favourite magazines website when I noticed a warning icon in the url field.
Apparently the site is partially encrypted.

"Parts of the page you are viewing were not encrypted before being transmitted over the internet. Information sent over the internet without encryption can be seen by other people while it is in transit."

Should I really fill in credit card details on this page?
Back to top
View user's profile Send private message
pastychomper



Joined: Wed Apr 07, 2010 11:54 am
Posts: 52

PostPosted: Tue Feb 18, 2014 1:27 pm    Post subject: Reply with quote

Depending on your browser, you might be able to right-click on part of the page and get security details for that area. A lot of sites encrypt only a small frame containing the password/card details/whatever, or alternatively encrypt most of the page but leave an unencrypted area for adverts. Personally I wish they would do all or nothing as it makes it much easier to be sure. Razz

The encrypted parts should be just as secure as if the whole page was encrypted. The fact that there's less to decrypt may be an advantage to some potential crackers, but then again having less information can make codebreaking harder.
Back to top
View user's profile Send private message
Fíona



Joined: Sun Mar 09, 2008 5:29 pm
Posts: 56
Location: Netherlands

PostPosted: Wed Feb 19, 2014 9:11 am    Post subject: Reply with quote

Thanks for your reaction Pastychomper. I agree with you to a point, namely, we don't know which parts of the page are encrypted. We assume or hope that the vital parts ie bank details, are encrypted but we don't know.
I found some information from Firefox (the browser I use) http://mzl.la/MDvkxK
"When an HTTPS page has HTTP content, we call that content “mixed”. The page you are visiting is only partially encrypted and even though it appears to be secure, it isn't."

This would seem to be the case with myfavouritemagazine's subscription page, with a blocked content icon and the warning triangle icon.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8450
Location: Warrington, UK

PostPosted: Wed Feb 19, 2014 9:47 am    Post subject: Reply with quote

Somewhere in the HTTP standards it states that is a page is served over SSL, all content on that page must also be served over SSL.

I suspect that the non-SSL content is from the ad servers, but that should not happen. Try installing Ghostery, if it's available for Firefox - I use it on Chromium, or one of the ad-block extensions to see what it tells you.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
Fíona



Joined: Sun Mar 09, 2008 5:29 pm
Posts: 56
Location: Netherlands

PostPosted: Wed Feb 19, 2014 12:27 pm    Post subject: Reply with quote

Hi Nelz and thanks for your reaction.
Ghostery tells me that on the payment page that it finds 4 trackers
Digital Analytix Analytics
Google Analytics Analytics
Maxymiser Beacons
SaleCycle advertising

but this doesn't help me to understand if my credit card details are being transmitted encrypted and unfortunately myfavourite mags are only responding with automated replies to my mails, up to now.
Back to top
View user's profile Send private message
nelz
Site admin


Joined: Mon Apr 04, 2005 12:52 pm
Posts: 8450
Location: Warrington, UK

PostPosted: Wed Feb 19, 2014 3:42 pm    Post subject: Reply with quote

Fíona wrote:
but this doesn't help me to understand if my credit card details are being transmitted encrypted


No it doesn't, which is why mixing HTTP and HTTPS on one page is wrong.
_________________
"Insanity: doing the same thing over and over again and expecting different results." (Albert Einstein)
Back to top
View user's profile Send private message
Fíona



Joined: Sun Mar 09, 2008 5:29 pm
Posts: 56
Location: Netherlands

PostPosted: Thu Feb 20, 2014 5:37 pm    Post subject: Reply with quote

This is the answer from Future magazines:

"How secure are my credit card details?

Rest assured all your details are safe with us. All transactions are performed on a secure web server.

All information you provide is encrypted (scrambled) using the industry standard SSL (Secure Socket Layer) technology provided by Verisign. So when you submit an order online, nothing can be read as it travels down the secure line. Your details are then applied to our subscription system, which resides in a completely separate, unlinked area, away from our internet pages."

Would this reassure you?
Back to top
View user's profile Send private message
oldpenguin



Joined: Tue Feb 12, 2013 10:06 am
Posts: 31
Location: New England, USA

PostPosted: Sun Feb 23, 2014 8:30 pm    Post subject: Reply with quote

I pulled the plug on my modem once when I had a familar "blink" of my desktop.
Discovered a snapshot of my screen in /tmp. There was nothing all the private, so
when the modem resynced, the snapshot was gone. YEAH, I'd be very careful.
Back to top
View user's profile Send private message
View previous topic :: View next topic  
Display posts from previous:   
Post new topic   Reply to topic    Linux Format forums Forum Index -> Magazine and coverdiscs All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
Linux Format forums topic RSS feed 


Powered by phpBB © 2001, 2005 phpBB Group


Copyright 2011 Future Publishing, all rights reserved.


Web hosting by UKFast