CompTIA membership: insecure forms

kool4caatskool4caats Member Posts: 6 ■□□□□□□□□□
I wanted to schedule my Security+ exam for 2 weeks time, and was looking into getting CompTIA membership. It seemed a no-brainer because I would get a 25% discount from my next exam, which is near enough what it cost to join. I went to comptia.org and followed the link through to the membership page.

I filled out the first two forms and then completed the form asking for my credit card details. I thougth I'd better just check that the page was secure, but to my horror it was just a plain http page, and the form also submits to a http page. I'd nearly sent my credit card details in the clear! How ironic from an organisation I am going to spend a lot of money to get a security certification with!

I sent an email to them last night, and have not had a reply from them all day today. Is there something I'm missing? The link is at the bottom of this page at http://itpro.comptia.org/

Comments

  • BeaverC32BeaverC32 Member Posts: 671
    Manually edit the URL to https and reload the page...voila, you are now using SSL.
    MCSE 2003, MCSA 2003, LPIC-1, MCP, MCTS: Vista Config, MCTS: SQL Server 2005, CCNA, A+, Network+, Server+, Security+, Linux+, BSCS (Information Systems)
  • kool4caatskool4caats Member Posts: 6 ■□□□□□□□□□
    Yeah.. I did notice that it responded on https as well, but the fact they've allowed it to work through http by default is bad, in my opinion.
  • dynamikdynamik Banned Posts: 12,314 ■■■■■■■■□□
    Yea. That's pretty odd. You're ok as long as the page the form submits to is https (which I just assumed would be the case), so I went and took a peak at the HTML. Sure enough, the form submits to itself for processing, so there is no HTTPS. Good observation!
Sign In or Register to comment.