[Gloucs] Login site of Worldpay.com
Christian Trapp
Christian.Trapp at gmx.net
Thu Dec 1 11:45:21 GMT 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hello all!
I know, this is probably off topic, but hopefully, somebody can help me.
I just wondered about the login page for worldpay.com. It is not
encrypted (no https protocol) for the user account, so I wrote them
to make sure it is safe. I got an answer, please read below:
Especially the following part, I think is not true.
= I understand that you are concerned about the security of our
payment page
= and I would like to assure you that even though a padlock icon is not
= displayed, our payment page is still secure. The padlock icon does not
= show when you are navigating a website which uses frames.
After the login page when you have filled in the Username and
Password, you are on a https website with all the account details and
the padlock shows up. That is how it should be. But the information
(username and password) of the login site is visible for everybody on
the internet and can be used to login and modify or steal informations
there. I don't think this makes sense. The other thing is, I cannot
see in the source code of that site, that it has frames anyway. There
is a java script that makes it probably safe. But normally everybody
is advised not to fill in websites that does not showes a padlock.
You find the site here
http://www.worldpay.com/shopper/index.php?page=account
So my questions probably someone can answer: Is this statement above
true, that even without the padlock nobody can get the username and
password while transmitted over the internet? Is it true the site is
safe probably through this java script?
If this subject is too off topic, please ignore it and I apologize.
For any answers and ideas thank you in advance.
Best regards
Christian
- --
This is a signed email, and the signature allows a recipient to check
that I am, indeed, the author.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFDjuF/DcwkxcFMxHURAthBAJ9vQ5POh3ffdRPO6eh0E4VUVe7BHgCggR6L
N2goReAixuEhKp59oP9nIIk=
=Qpwx
-----END PGP SIGNATURE-----
More information about the gloucs
mailing list