I agree with you on this. This is ridiculous that my Full Name, Address, Phone number, school name, and DATE OF BIRTH, are transmitted and entered in absence of SSL and in plain text to the site. When I signed up for the site and paid, I never noticed, but going back in and trying to make a new account, I notice this as well. In today's environment every sign up page and sign in page should include SSL. The funny thing is, the site is even equipped to handle SSL. Try going to https://www.straighterline.com/site/create-account.cfm or https://www.straighterline.com/site/login.cfm . It will open in SSL. However by default it loads in standard http without encryption. Why would a company be so careless about their customers personal information?
Thread Rating:
Straighterline security holes - no SSL/TLS encryption?!?!
|
« Next Oldest | Next Newest »
|
Users browsing this thread: 2 Guest(s)