+- Online Degrees and CLEP and DSST Exam Prep Discussion (https://www.degreeforum.net/mybb)
+-- Forum: Main Category (https://www.degreeforum.net/mybb/Forum-Main-Category)
+--- Forum: General Education-Related Discussion (https://www.degreeforum.net/mybb/Forum-General-Education-Related-Discussion)
+--- Thread: Straighterline security holes - no SSL/TLS encryption?!?! (/Thread-Straighterline-security-holes-no-SSL-TLS-encryption)
Pages:
1
2
Straighterline security holes - no SSL/TLS encryption?!?! - jam123 - 01-24-2012
I just now noticed that Straighterline is not using any type of encryption when I sign into my account. I have a lot of personal information there and being sent in plain text is a big problem for me. Anyone can intercept my data and steal it.
Anyone else notice this?
Straighterline security holes - no SSL/TLS encryption?!?! - RugbyMan187 - 01-24-2012
Good point, I never looked at that. Thats something to call about.
Straighterline security holes - no SSL/TLS encryption?!?! - marianne202 - 01-24-2012
Wow, I usually look very closely at that, but never did with SL. I agree that is very scary, especially with all the info they require such as SS# and CC#. In this day and age it is very irresponsible to collect that type of data without ensuring it is secure. Great catch, thanks for posting!
Straighterline security holes - no SSL/TLS encryption?!?! - scorched - 01-24-2012
Kinda odd that they tout being secure with that little McAfee icon, but then realize it just means they are not and don't link to malicious sites.
All i know is that in addition to SSL not being there, my error console is literally full of messages for some simple problems with their jquery css, which could be why the SSL is not working.
Straighterline security holes - no SSL/TLS encryption?!?! - ryoder - 01-26-2012
HTTPS costs more
Straighterline security holes - no SSL/TLS encryption?!?! - dcan - 01-26-2012
So, broken or negligence? If the latter they are putting their customers' livelihoods at risk.
Although in this day and age you should lock down your credit reports and subscribe to a "monitoring" service anyway.
Straighterline security holes - no SSL/TLS encryption?!?! - scorched - 02-01-2012
You might get a kick out of their response, they do have https. Not when you login, but only after you add something to your cart and go to pay for it does it switch to HTTPS.
So I informed them, they have a legal obligation to protect private data, and are subject to lawsuit if they are not protecting the moment we login and that there is no way I was going to spend any money with them until they fix it.
Which is sad because they finally released the physics I & II which is what I have been waiting on for months!! And my intent was to take CalcI &II, Phy I &II, as well as Eng Comp II.
It's there loss not mine, I can clep or take correspondence elsewhere if they can't fix it.
Straighterline security holes - no SSL/TLS encryption?!?! - brajalle - 02-01-2012
Not going to make excuses for companies that don't use HTTPS properly, but I purposefully have a CC provider who will issue temporary CC#'s for this very reason. I use it on all sites that aren't major internet retailers.
Straighterline security holes - no SSL/TLS encryption?!?! - scorched - 02-03-2012
Below is their response.
Lets hope the comment about adding courses and features will take a temporary back seat to security.
But note they are trying to add remote proctoring via webcam, I have not seen them announce this prior, so at least we know good things might be coming for those willing to risk the security issues.
Thanks for your feedback. We're sorry that you are not satisfied with your experience with StraighterLine, because we'd love to have you as a customer.
We've passed your technical concerns and recommendation along to our IT team and your suggestion has been added to the development cue. Since we are busy adding new courses and lots of other features -- including remote proctoring by webcam -- we cannot yet estimate when the change you've requested will be implemented, but we definitely appreciate your feedback.
Our students' data security is very important to StraighterLine. Please let us know if there's any other way we can help.
Straighterline security holes - no SSL/TLS encryption?!?! - IgnazSemmelweis - 02-03-2012
No real excuse for this. SSL certs aren't prohibitively expensive and aren't difficult to install.