If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
If you're looking to top off your Dividend miles at US Air, be advised the
site that you will purchase these miles from doesn't implement secure sockets. For the unitiated, your credit card information flys (no pun intended) over the Internet unencrypted. Here is the address: http://www.usairways.com/awa/content.../buymiles.aspx I use my credit card quite a bit on the Internet and never had a problem as long as I landed on a https (SSL enabled site). Maybe US Air can't afford a certificate from Verisign :-) rg |
#2
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Sharkbait wrote:
If you're looking to top off your Dividend miles at US Air, be advised the site that you will purchase these miles from doesn't implement secure sockets. For the unitiated, your credit card information flys (no pun intended) over the Internet unencrypted. Here is the address: http://www.usairways.com/awa/content.../buymiles.aspx I use my credit card quite a bit on the Internet and never had a problem as long as I landed on a https (SSL enabled site). Maybe US Air can't afford a certificate from Verisign :-) WRONG. If you aren't convinced, download HTTPWatch or capture a packet trace. The POST request with the credit card info I gave (throwaway card) went to https://buy.points.com/dividendMiles/review.do I have no reason to believe your credit card details didn't go to this HTTPS link. While you might have a bad opinion of US Airways, I can assure you that Points.com knows how to securely handle mileage transactions such as these. They do it for multiple airlines. Trust me. Packet tracing is what I do for a living. Trust me on this. |
#3
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Mr. Travel wrote;
WRONG. I currently sitting the page where I enter my credit card information needs to be entered right now. Here is the link; http://www.usairways.com/awa/content.../buymiles.aspx What is it about this link that tells me the data will be directed through port 443 and not 80? What is it about this link that tells me the application is using SSL? Shall I go ahead and complete the transaction and pray? rg |
#4
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Mr. Travel wrote;
WRONG. Go to any number of other secure shopping sites. Take PC Connection for example; by the time you land on the checkout page where you enter your credit card info, and before entering your info, you will note the URL is already https: https://www.pcconnection.com/IPA/Shop/Checkout/ rg |
#5
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Shawn Hirn wrote;
Did you bother to view the source for that page? If you do, that's where you'll find the https reference. Yes I did review the source page. Apparently, you are not a US Airways Dividend member. The source page, which is not https takes you to the one referenced. The source page requires that you enter your Dividends Miles membership number. Follow this: http://www.usairways.com/awa/default...en&q=usairways Near the top of the page mouse over Dividend Miles and scroll down to Buy, Share and gift miles. It will take you to this page: http://www.usairways.com/awa/content...s/default.aspx Under buy miles, click either "Buy Now" or "Buy Miles" your choice. It will take you he http://www.usairways.com/awa/content.../buymiles.aspx Here is where you will enter your membership number, last name, first name, email address and number of miles you want to buy. At this point, I suspect you should be at https. After entering the correct information, which I believe is validated at the back end, you are taken he http://www.usairways.com/awa/content.../buymiles.aspx You are then requested to click on "Continue Purchase", which takes you he http://www.usairways.com/awa/content.../buymiles.aspx This is where you enter all the appropriate information regarding sensitive personal data. I saw no reference to https anywhere along the way. Where is the https reference? rg |
#6
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Sharkbait wrote:
Mr. Travel wrote; WRONG. I currently sitting the page where I enter my credit card information needs to be entered right now. Here is the link; http://www.usairways.com/awa/content.../buymiles.aspx What is it about this link that tells me the data will be directed through port 443 and not 80? What is it about this link that tells me the application is using SSL? Shall I go ahead and complete the transaction and pray? That link doesn't tell you anything. That isn't the link you are sending the data too. I already gave you a way to find out if the data is going to be sent secured. You can freely download httpwatch or some other program to figure out where you are actually going to send the data. This isn't the same as claiming they are too cheap to buy a verisign certficate. You had ZERO evidence of that. |
#7
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Sharkbait wrote:
Mr. Travel wrote; WRONG. Go to any number of other secure shopping sites. Take PC Connection for example; by the time you land on the checkout page where you enter your credit card info, and before entering your info, you will note the URL is already https: https://www.pcconnection.com/IPA/Shop/Checkout/ When you look at the URL, you are looking at the URL for the page you just RECEIVED. This isn't address of where the data goes when you enter it. You misunderstanding of how things work is not a reason to accuse them of being unsecure. |
#8
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Shawn Hirn wrote:
In article 7uTAj.4916$FG2.2214@trndny08, "Sharkbait" wrote: Mr. Travel wrote; WRONG. I currently sitting the page where I enter my credit card information needs to be entered right now. Here is the link; http://www.usairways.com/awa/content...s/purchasemile s/buymiles.aspx What is it about this link that tells me the data will be directed through port 443 and not 80? What is it about this link that tells me the application is using SSL? Shall I go ahead and complete the transaction and pray? Did you bother to view the source for that page? If you do, that's where you'll find the https reference. It has NOTHING to do with the source of the page. It has to do with where the page is that he is sending the data to. That page has an HTTPS link at points.com |
#9
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Sharkbait wrote:
http://www.usairways.com/awa/content.../buymiles.aspx This is where you enter all the appropriate information regarding sensitive personal data. I saw no reference to https anywhere along the way. Where is the https reference? Yes, to get the form, you sent an HTTP GET request for http://www.usairways.com/awa/content.../buymiles.aspx As I have explained to you. When you enter the data and send it, it is sent, via an HTTP POST to https://buy.points.com/dividendMiles/review.do Your statement about the data being insecure was totally wrong. Their is no need for US Airways to have a Verisign cert, because the purchased is handled (via HTTPS) by POINTS.COM. |
#10
|
|||
|
|||
US Airways Dividend Website - Caveat Emptor!
Mr. Travel wrote;
When you look at the URL, you are looking at the URL for the page you just RECEIVED. This isn't address of where the data goes when you enter it. You misunderstanding of how things work is not a reason to accuse them of being unsecure. The non-techno-geeks among us use something like the following taken off the Indiana University, Univ. Information Technology Services website: http://webmaster.iu.edu/tool_guide_info/ssl.shtml and I quote: " How do I know if my browser is communicating with a secure server? a.. Your browser may notify you before displaying the page b.. A 'lock' symbol may appear in 'locked' position on your browser c.. The URL will have 'https:' at the beginning. " I am sure there are plenty of other similar citations out there. The majority of us lay people don't have all of your assumed knowledge of Internet security. Fewer of us run Network General's Sniffer application on our laptops to determine and detect that we are transmitting data through a redirected, secure link using SSL. I can assure you that US Air's website provides none of the above standards to notify you that you are communicating with a secure server. The fact that I am communicating with Points.com makes me feel even more insecure. It allows US Air to pass the buck if something goes wrong and Points.com to push me back to US Air for financial loss. That is the bottom line. Before anyone tells me to call US Air and buy the miles over the phone, the discount through the end of March only applies to the purchase of miles through the website. rg |
|
Thread Tools | |
Display Modes | |
|
|
Similar Threads | ||||
Thread | Thread Starter | Forum | Replies | Last Post |
U.S. Airways Dividend Miles e-mail | Gary[_2_] | Air travel | 0 | February 21st, 2007 04:17 AM |
Retiring to cheaper climes? Caveat emptor | Earl Evleth | Europe | 14 | March 12th, 2006 09:31 PM |
Caveat Emptor on Shore Excursions | mark hunacek | Cruises | 5 | April 8th, 2004 12:42 AM |
Settled: US Airways was fair. (was US Airways is predatory. My advice: Do not fly on US Airways.) | Ray Lozano | Caribbean | 0 | September 16th, 2003 08:53 PM |