*URGENT* semi encrypted web pages

Can malware be used to prevent a page from being fully encrypted?

Visited a site through tor browser and didn't show any warnings, then when I returned it said some of this site may not be encrypted...could a bad node intercepted the SSL certificate and adjust it to change the encryption?

 

Not all websites use full SSL/TLS encryption means.This happens due to some websites chosing not to for performance reasons. Sometimes static content that is not specific to the user or transaction in question is not private and usually delivered through a non-crypted front server or separate server instance with no protection.

 

But why does it only occasionally show the warning? And as I understand it if not all data is secure there are ways to unencrypt that which has been encrypted?

 

I am unsure what the website in question was, or how you returned to it, though it sounds like you had an encrypted session going with the website, and closed out of the session only to return and redirected to perhaps an unencrypted main page? I know by default the Tor bundle does not keep cookies after a session is closed.

Could the unsecure information be used to make inferences about the encrypted connection? Absolutely. Can it be used to decrypt a session? No it cannot.

 

Credit card info was sent, will it be safe or should I cancel the card?

-http://store.origin.com/store/easa/en_IN/cat/battlefield/categoryID.12438300-

The section to enter the credit card info is HTTPS and was when I visited but occasionally it gives a warning message saying not all info is encrypted

 

Also if I open the page info in firefox it shows everything is being sent by https: yet still give the error??

*sorry for double post but would not let me edit last post*

 

You're card information appears to be safe, well safe in transit anyway the site does use proper ssl for payment. I noticed the site does not support SSL natively and if you are using HTTPS everywhere or some variation to that add-on, browser alerts are triggered. I would highly advise you to weigh risks of sending PII/PHI/Financial information over Tor. Tor is meant for anonymity not privacy, and if such information is being passed to a server, anonymity is not achieved either and Tor is not needed and puts the user at greater risk.

 

On another thread I read that SSL secures the info from the exit node and tor itself secures the data through the other nodes, so it should be secure?

Was using tor to bypass a regional block on the website, it was that or a public proxy

 

Pages that require the end user (you) to enter PII and banking information utilize valid certificates and whole page encryption sessions. The Tor exit node would not have sniffed any financial information in clear text.

 

Thank you for your assistance, I was/am really worried.

 

What are you still concerned about? I'd be more than happy to help you understand any concepts you are unsure or clear about.

 

Thanks but you have answered all the questions I had. Again, thank you, I really appreciate your help.