Big Problems with Axxess SSL Security

S

steed

Well-Known Member
Joined
Mar 26, 2005
Messages
112
Reaction score
0
axxess.co.za is collecting sensitive personal information on a page that is NOT ssl secured (absolutely no certificate) and claims to be Thawte secured. This is very bad as the average consumer is being mislead never mind the fact that sensitive personal information is being collected insecurely. What do you guys think ?

I have sent this complaint to Thawte Abuse and Axxess support. Now we see if they serious enough.

See screenshot here http://img183.imageshack.us/img183/5472/axxess.jpg
 
I agree.
One thing i would just be interested to see is that the sign up is in a "pop up". What i wanna know is that "pop up" a new iframe or is it part of the parent page?
 
it would seem axxess is not having a good time of late
 
I wouldn't be so quick - they seem to be resellers for adsl.co.za
they simply present the interface in a frame (not the best practice) but the contents of the frame lok legit to me: https://www.adsl.co.za/client/signup?ServiceTypeId=109


edit: axesss seem to own the adsl.co.za domain - so they're not resellers.
 
Last edited:
reech said:
I wouldn't be so quick - they seem to be resellers for adsl.co.za
they simply present the interface in a frame (not the best practice) but the contents of the frame lok legit to me: https://www.adsl.co.za/client/signup?ServiceTypeId=109
Click to expand...

Yea i thought so reech.
It does really look dodgy. Axxess really needs to rethink that interface.
Is there a online forum contact that we can let know?
 
heh must be all part of their super cost saving ideas.... ;)
 
I hate to say... but from what i have seen on their website the data is sent from your browser to their server using SSL. (this may get technical) If you look at the <form> tag on their page, the action is to an https URL and therefore the data will be encrypted.
 
the thing is if its an iframe or fancy ajax or whatever, if the source page that hosts it isnt secure, you can have interaction between the objects, and from the users perspective, its not secure, so its bad practise, and deff NOT recommended in the industry
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X