If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#11
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Sharkbait wrote:
Mr. Travel wrote; When you look at the URL, you are looking at the URL for the page you just RECEIVED. This isn't address of where the data goes when you enter it. You misunderstanding of how things work is not a reason to accuse them of being unsecure. The non-techno-geeks among us use something like the following taken off the Indiana University, Univ. Information Technology Services website: http://webmaster.iu.edu/tool_guide_info/ssl.shtml and I quote: " How do I know if my browser is communicating with a secure server? a.. Your browser may notify you before displaying the page b.. A 'lock' symbol may appear in 'locked' position on your browser c.. The URL will have 'https:' at the beginning. " I am sure there are plenty of other similar citations out there. The majority of us lay people don't have all of your assumed knowledge of Internet security. Fewer of us run Network General's Sniffer application on our laptops to determine and detect that we are transmitting data through a redirected, secure link using SSL. I can assure you that US Air's website provides none of the above standards to notify you that you are communicating with a secure server. The fact that I am communicating with Points.com makes me feel even more insecure. It allows US Air to pass the buck if something goes wrong and Points.com to push me back to US Air for financial loss. That is the bottom line. Before anyone tells me to call US Air and buy the miles over the phone, the discount through the end of March only applies to the purchase of miles through the website. All of what you say about signs of a secure site might be true, however this does not change the fact that when you enter the data on the page you linked to, the data is sent to a secure website using HTTPS. The data is not sent via HTTP. The end result is your original statements, about the data not being secure and the mention of lack of an SSL certificate, were incorrect. I didn't use a sniffer to determine where the POST was going. I verified it with http watch. You don't require a network general sniffer to look a packets. Wireshark/Ethereal is free and runs on Windows too. I think it might be worth mention to US Airways that although the data ia sent via HTTPS, the GET request to get the form is sent in plain text, which led you to believe that sending the data was not secure. |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
U.S. Airways Dividend Miles e-mail | Gary[_2_] | Air travel | 0 | February 21st, 2007 04:17 AM |
Retiring to cheaper climes? Caveat emptor | Earl Evleth | Europe | 14 | March 12th, 2006 09:31 PM |
Caveat Emptor on Shore Excursions | mark hunacek | Cruises | 5 | April 8th, 2004 12:42 AM |
Settled: US Airways was fair. (was US Airways is predatory. My advice: Do not fly on US Airways.) | Ray Lozano | Caribbean | 0 | September 16th, 2003 08:53 PM |