Insecure order page?

Hi folks,
I just went to order your excellent product on the order page:
https://www.geosecure.net/~nod32/nod32_ava_ssl/nod32_order_1_ssl.htm4564

all went OK, but when I went to submit the order I was presented with a warning:

'Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party'

I'm using a pretty plain Firefox browser (1.0.4) and guess that other potential customers might be put off when they see this message on their browsers. Perhaps you could send the form to your cgi script using an https url instead...

regards,
Peter

 

How did you reach this order page? Are you purchasing from the main Eset website, from a reseller, ...?

 

don't buy from an insecure page, it's just un-necessary!

Many resellers have fully secured purchasing options.

regards

Greg

 

Seems that page may have been taken down? At least I can't access it at the moment....

 

The actual link is this:

https://www.geosecure.net/~nod32/nod32_ava_ssl/nod32_order_1_ssl.htm

The Support Center and Home Page buttons direct you to http://www.nod32.com.au

 

The offending page hops though an INSECURE page, to another secure one...

<form onSubmit="return checkrequired(this)" name="ONLINE ORDER" action="http://216.234.172.23/cgi-bin/mmsForm.cgi" method="POST">
<input type="hidden" name="next-url" value="
https://www.geosecure.net/~nod32/nod32_ava_ssl/nod32_confirm.htm">

The ip 216.234.172.23 belongs to Terrabyte hosting out of Alberta, Canada - but the nslookup of this IP shows it as mainlink.net.au - if it were me - I would not put my card details into such a form... it is NOT secure, and given the IP address, rather than a named server - there is a REMOTE possibility that it might be hijacked. Instead of using this form - phone your order through and tell them that the form is seriously messed up...