Insecure order page?

Discussion in 'NOD32 version 2 Forum' started by pshanks, Jul 21, 2005.

Thread Status:
Not open for further replies.
  1. pshanks

    pshanks Registered Member

    Joined:
    Jul 21, 2005
    Posts:
    3
    Hi folks,
    I just went to order your excellent product on the order page:
    https://www.geosecure.net/~nod32/nod32_ava_ssl/nod32_order_1_ssl.htm4564

    all went OK, but when I went to submit the order I was presented with a warning:

    'Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party'

    I'm using a pretty plain Firefox browser (1.0.4) and guess that other potential customers might be put off when they see this message on their browsers. Perhaps you could send the form to your cgi script using an https url instead...

    regards,
    Peter
     
  2. alglove

    alglove Registered Member

    Joined:
    Jan 17, 2005
    Posts:
    904
    Location:
    Houston, Texas, USA
    How did you reach this order page? Are you purchasing from the main Eset website, from a reseller, ...?
     
  3. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    don't buy from an insecure page, it's just un-necessary!

    Many resellers have fully secured purchasing options.

    regards

    Greg
     
  4. NOD32 user

    NOD32 user Registered Member

    Joined:
    Jan 23, 2005
    Posts:
    1,766
    Location:
    Australia
    Seems that page may have been taken down? At least I can't access it at the moment....o_O

     
  5. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    7,927
    Location:
    The land of no identity :D
  6. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    The offending page hops though an INSECURE page, to another secure one...

    <form onSubmit="return checkrequired(this)" name="ONLINE ORDER" action="http://216.234.172.23/cgi-bin/mmsForm.cgi" method="POST">
    <input type="hidden" name="next-url" value="
    https://www.geosecure.net/~nod32/nod32_ava_ssl/nod32_confirm.htm">

    The ip 216.234.172.23 belongs to Terrabyte hosting out of Alberta, Canada - but the nslookup of this IP shows it as mainlink.net.au - if it were me - I would not put my card details into such a form... it is NOT secure, and given the IP address, rather than a named server - there is a REMOTE possibility that it might be hijacked. Instead of using this form - phone your order through and tell them that the form is seriously messed up...
     
Thread Status:
Not open for further replies.