fixed: Re: NON-Secure Credit card info transfer from time.com/pathfinder.com

This has been fixed, around 18 Oct.  The operative line of HTML now reads:

<form METHOD="post"
action="https://cgi.timeinc.net/cgi-bin/magsubs/cc/booksubs/tdspecialed01">

Ethereal confirms all traffic is https.


- Bob Niederman



On Tue, 16 Oct 2001, Bob Niederman wrote:

> 
> When you go to www.time.com and click on "Order This Special Issue" (over
> the picture of the Time cover showing the second crash into the World
> Trade Center), you are taken to:
> 
> https://www.pathfinder.com/subs/books/forms/td/tdspecialed01.html
>  
> 
> 
> The problem is that while the page 
> 
> https://www.pathfinder.com/subs/books/forms/td/tdspecialed01.html
> 
> itself is secure, as noted by the "https" at the beginning of the URL,
> when you click the "Submit Order" button, the html in that page
> reading:
> 
> <FORM METHOD="post"
> action="http://cgi.pathfinder.com/cgi-bin/magsubs/cc/booksubs/tdspecialed01">
> 
> sends it to a non-secure server, as noted by the "http:" instead of the
> "https:" in the preceding URL.
> 
> This causes the credit card number to cross the internet in
> un-encrypted form.
> 
> - Bob Niederman 
> 
> Fight UCITA! http://www.4cite.org, 
> 
> Free Dmitry Skylarov.  Repeal DMCA.  http://freskylarov.org  
> http://eff.org
> 
> 
> 
> 
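
The check described in this thread, as an added example that is not part of the original messages: a Python sketch that parses a page served over https and flags any form whose action resolves to a non-https URL. The function name `insecure_form_actions` and the sample pages are constructed for illustration, built from the two form tags quoted above; it assumes the page has no `<base href>` element.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collects (method, raw action) for every <form> start tag."""

    def __init__(self):
        super().__init__()
        self.forms = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":  # HTMLParser lowercases tag and attribute names
            a = dict(attrs)
            self.forms.append(((a.get("method") or "get").lower(),
                               a.get("action") or ""))


def insecure_form_actions(page_url, html):
    """Return [(method, resolved_action)] for forms on an https page
    that would submit to a non-https URL."""
    if urlsplit(page_url).scheme != "https":
        return []  # the page itself is not secure; that is a separate finding
    collector = _FormCollector()
    collector.feed(html)
    findings = []
    for method, action in collector.forms:
        # Empty, relative and protocol-relative actions resolve against
        # the page URL and therefore inherit https.
        target = urljoin(page_url, action)
        if urlsplit(target).scheme.lower() != "https":
            findings.append((method, target))
    return findings


# Constructed sample pages using the form tags quoted in the thread.
PAGE = "https://www.pathfinder.com/subs/books/forms/td/tdspecialed01.html"
BEFORE = ('<FORM METHOD="post" '
          'action="http://cgi.pathfinder.com/cgi-bin/magsubs/cc/booksubs/tdspecialed01">'
          '<input name="cc"></FORM>')
AFTER = ('<form METHOD="post" '
         'action="https://cgi.timeinc.net/cgi-bin/magsubs/cc/booksubs/tdspecialed01">'
         '<input name="cc"></form>')

if __name__ == "__main__":
    print(insecure_form_actions(PAGE, BEFORE))  # one finding: the http action
    print(insecure_form_actions(PAGE, AFTER))   # no findings
```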

