Public Service Announcement

This Public Service Announcement brought to you by incompetent web developers. Please note that putting a little sign that says “this site is secure” does not make that site secure.

insecure

When I click on the little informational icon to the left of the URL, I can plainly see that the site is NOT secured. Thus, anything entered on the page can be intercepted between my web browser and the server that’s supposed to be collecting the information. And when I try to go to an https:// version of the site, I get told exactly why the site isn’t secure:

insecure

That’s right: the site might have been secure, except that the certificates that the web developer tried to use to secure it were not registered to the website, but to some other website. Security doesn’t work that way, folks.

The PSA portion of this post, now: everybody should know to click that little icon, to the left of the URL, any time a website is asking you for information that you wouldn’t want to broadcast to every criminal in the world. And if you get told anything that seems like the site isn’t right, you should leave.

Personally, I contacted the site owner and told them to slap their web developer (literally: I told them that their web developer needs a sharp slap, for trying to play this off as secure when it’s not). In doing so I told them my name and email, but hey, that’s publicly available, so no harm. Other than that, though? Not giving them any of my information, and certainly not giving them my credit card number!

Be careful out there, folks. Just because the website looks slick doesn’t make it trustworthy.

-D

ps: I blacked out the name of the website, because this isn’t about them. I suppose it also serves to protect the incompetent, but hey, I’ve already sent them a nasty note, so there’s no need for public shaming.

Leave a Reply