no https for spyderco website?

Spirch

Spirch

Joined
Apr 4, 2012
Messages
536
i would like to order 2 mule but since i need to create a new account and the fact that there is no secure way to create one...

i think i will skip it...

i'm not going to give my address and my birthday over unencrypted connection (i do hope for the payment you do use https I didn't go that far)
 
He wants to already be on a secure site while he creates an account to get on the secure site. Good luck with that anywhere. Phone lines aren't secure, either. I guess he'll either have to drive to the SFO or do without.
 
yablanowitz said:
he wants to already be on a secure site while he creates an account to get on the secure site. Good luck with that anywhere. Phone lines aren't secure, either. I guess he'll either have to drive to the sfo or do without.
Click to expand...

Some people :D
 
you can type https yes and it will work but do you see a little lock or ssl certificate that say "secure"?

i'm not asking for the moon, ssl certiticate can be bought for less than 100$ for a year...

go to any commercial website that ask that kind of information and look by yourself what kind of connection you will use
 
I guess I'm just confused why you felt the needed to start a thread about this? Are you using TOR networks for everything you do on teh interwebz? Are you using PGP for all of your email communications?
 
yablanowitz said:
He wants to already be on a secure site while he creates an account to get on the secure site. Good luck with that anywhere. Phone lines aren't secure, either. I guess he'll either have to drive to the SFO or do without.
Click to expand...

The-Stig said:
If someone really wants your credit card, they can get it. You won't get your number stolen from signing up at Spyderco.

Also, have you tried this? https://www.spyderco.com/

It works for me.
Click to expand...

Yes, specifying HTTPS works. And yes, it would be very good practice for Spyderco to get the certificate. The chances that somebody will try to impersonate their site is very low, but it's an expectation for any online business.
 
Agreed, any website set up to have a login system, perform sales transactions, collect information such as name, address, credit card number, etc. should meet minimum standards for web based security. There are laws and regulations to encourage this, but they are not enforced strictly which is why so many companies are getting hacked these days.

When using their checkout system, the lock does not show up in some browsers because they source some content on the page without using HTTPS. Some people may be OK and accept the risks involved with performing insecure financial transactions online, but that does not mean that everyone is or should.

An account on their system requires a password with a maximum of 8 characters, which indicates some pretty severe security issues. Anyways, you got me off on a tangent, why are we talking about this here?
 
KNaB said:
I guess I'm just confused why you felt the needed to start a thread about this? Are you using TOR networks for everything you do on teh interwebz? Are you using PGP for all of your email communications?
Click to expand...

+100. Seriously, if your that concerned about encrypting your traffic, you would already be using a 3rd party tool such as a TOR client and a VPN. You can always pay 150 or more each on flea bay after people receive them and as others suggested, there is this old school technology called a telephone that works wonders. :)
 
CR33 said:
+100. Seriously, if your that concerned about encrypting your traffic, you would already be using a 3rd party tool such as a TOR client and a VPN.
Click to expand...

Using TOR and a VPN may provide anonymity, but it does not make up for lack of HTTPS, which provides a secure connection directly to the endpoint/web server.
 
Spirch said:
i would like to order 2 mule but since i need to create a new account and the fact that there is no secure way to create one...

i think i will skip it...

i'm not going to give my address and my birthday over unencrypted connection (i do hope for the payment you do use https I didn't go that far)
Click to expand...

https://www.spyderco.com/catalog/customer2.php works fine for me. Does it not for you?

Now that we are at it, how do you trust the certificate authority that issued a certificate to Spyderco (GoDaddy.com in this case). Why do you think should the root CA be trusted? (say Verisign). How do you know Verisign is not controlled by the great program to control our minds run by the Government? ;-)

The most secure version is to drive down to SFO, and purchase the knife using hard cash. Do not carry any id on you, for the risk of being mugged enroute (I hear the road to Golden is full of knife stealing thieves). :D
 
huckabee said:
Using TOR and a VPN may provide anonymity, but it does not make up for lack of HTTPS, which provides a secure connection directly to the endpoint/web server.
Click to expand...

Their website does provide SSL, but not every general browsing connection needs to be secure nor does basic information like an address that could be found in any online phonebook. When it comes to sending actually secure info, like credit card numbers, that's when you need to be sure about an encrypted connection.
 
Spirch said:
you can type https yes and it will work but do you see a little lock or ssl certificate that say "secure"?

i'm not asking for the moon, ssl certiticate can be bought for less than 100$ for a year...

go to any commercial website that ask that kind of information and look by yourself what kind of connection you will use
Click to expand...

ajmbS0D.jpg
 
Is this the Spyderco forum or the Matrix? Which one of you is Morpheus, and did you all take the blue pill or the red one?
Agent Smith is coming, shhhh.
/tinfoil hat on
 
You must log in or register to reply here.
Back
Top