continental.com is unsecure
#1
Original Poster
Join Date: Aug 2006
Programs: "all" airlines and hotels
Posts: 94
As a long time United (1k), thought I would update my profile on Continental.
Imagine my shock, when I found that on continental.com - as soon as I went to any aspect of "my profile" - you get dumped out of https into http!
This was in Chrome on a Mac.
Safari on a Mac - kept me in https!
I am running ghostery to minimize my giving my information away.
Anyone else seen this?
Nice way for Continental to give away your birth date and other information that should be kept confidential.
#2
Join Date: Sep 2011
Location: SFO
Programs: UA Plat, SPG Gold, Marriott Gold
Posts: 48
Used IE and it kept me https
#3
Join Date: Jul 2010
Location: USA
Programs: UA Platinum, Marriott Silver
Posts: 124
Thanks for the heads up. I already signed up for a one pass account and linked to my ual account, but I will be more careful. Will check out from work tomorrow - mozilla I think...
#4
FlyerTalk Evangelist
Join Date: Nov 2009
Location: Northeast Kansas | Colorado Native
Programs: Amex Gold/Plat, UA *G, Hyatt Globalist, Marriott LT Gold, NEXUS, TSA Disparager Unobtanium
Posts: 21,603
CO.sux kept me in https when I logged in with Firefox (my primary browser).
#5
Join Date: Jul 2007
Location: San Francisco/Sydney
Programs: UA 1K/MM, Hilton Diamond, Marriott Something, IHG Gold, Hertz PC, Avis PC
Posts: 8,156
https all the way for me with FireFox 10.
#6
Join Date: Jul 2005
Location: HNL
Programs: UA platinum, HA platinum, Hyatt, Hilton, Marriott, Priority Club, SPG
Posts: 370
Imagine my shock, when I found that on continental.com - as soon as I went to any aspect of "my profile" - you get dumped out of https into http!
This was in Chrome on a Mac.
Safari on a Mac - kept me in https!
I am running ghostery to minimize my giving my information away.
Anyone else seen this?
#7
Join Date: Nov 2009
Location: Between EWR & PHL
Programs: UA MileagePlus dirt (former hard-way Silver); AS Mileage Plan MVP; Hilton Honors Silver
Posts: 1,586
The red cross through the 'https:' in Chrome indicates that the data on the page is secure, but there are insecure ELEMENTS of the page (usually images). There's nothing wrong with the browser or the page.
#8
Join Date: Oct 2002
Location: MRY
Programs: UA Platinum 2MM(BIS)
Posts: 181
If you believe that you have found personal information on an insecure web page, you can confirm/disprove this by tracing your own ethernet data packets using Wireshark. If you can see your details unenciphered in the trace data then please bleat like mad so that it will be fixed!!!
http://www.wireshark.org/
#9
FlyerTalk Evangelist
Join Date: Aug 2002
Location: Bay Area, CA
Programs: UA Plat 2MM; AS MVP Gold 75K
Posts: 35,068
Even Firefox gives a similar such warning when doing a flight search at co.sux.
co.sux has been like this for years.
#10
Join Date: May 2011
Posts: 5,814
Probably images and it should be an easy fix (relative vs. absolute urls)
#11
In Memoriam
Join Date: Feb 2000
Location: Easton, CT, USA
Programs: ua prem exec, Former hilton diamond
Posts: 31,801
If you click on the Red X you will see the following, showing that the page is encrypted, but has other items on it that are not.
Chrome lets you know when there is any item on the page that is not served from the secure server, which are probably image files.
Most other browsers do not let you know that.
Nothing is being given away
#12
FlyerTalk Evangelist
Join Date: May 2007
Location: Houston
Programs: UA Plat, Marriott Gold
Posts: 12,693
to sCO IT. All elements should be secure when an https request is made
#13
FlyerTalk Evangelist
Join Date: Aug 2002
Location: Bay Area, CA
Programs: UA Plat 2MM; AS MVP Gold 75K
Posts: 35,068
Firefox Error
Login from the front page, then go do a flight search on the left side, and I always get:
Although this page is encrypted, the information you have entered is to be sent over an unencrypted connection and could easily be read by a third party.
Are you sure you want to continue sending this information?
#14
Join Date: Sep 2001
Location: Austin, tx, USA
Programs: UA 1K, Hertz 5-star, Marriott Gold
Posts: 261
#15
Join Date: Dec 2010
Location: ORD
Programs: UA 1K/MM, MC Life Plat, HH Gold
Posts: 722
Even in IE and Safari there are periodic warnings about mixed insecure info on secure pages. Most likely images, but this is sloppy programming that could indeed open the door to an attack that would capture supposedly secure info. I guess this will be the new standard for the UA web site as of 3/3.
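Added example, not part of the original thread: a small Python audit of the two mixed-content cases the posts describe, separating an image fetched over http (the Chrome red X) from a form whose action submits over http (the Firefox warning in #13), and showing why relative URLs avoid the problem. The page URL and HTML are constructed sample input, and `audit`, `MixedContentAudit` and the risk labels are hypothetical names chosen for this illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Tag/attribute pairs that cause a fetch or a submission, with the risk class
# that applies when an HTTPS page points them at an http:// URL.
CHECKS = {
    ("img", "src"): "passive",        # display only; the page data stays encrypted
    ("script", "src"): "active",      # can read or rewrite the whole page
    ("iframe", "src"): "active",
    ("form", "action"): "form-post",  # what the user typed leaves over plain HTTP
}

class MixedContentAudit(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.findings = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            kind = CHECKS.get((tag, name))
            if kind is None or not value:
                continue
            # Relative and protocol-relative URLs inherit the page's scheme.
            target = urljoin(self.page_url, value)
            if urlsplit(target).scheme == "http":
                self.findings.append((kind, tag, target))

def audit(page_url, html):
    """Return (risk, tag, url) for each http:// reference on an https page."""
    if urlsplit(page_url).scheme != "https":
        return []  # mixed content only exists on a secure page
    parser = MixedContentAudit(page_url)
    parser.feed(html)
    return parser.findings

# Constructed sample input (not taken from the site discussed in the thread).
SAMPLE_URL = "https://www.example.com/profile"
SAMPLE_HTML = """
<img src="/images/logo.gif">
<img src="http://www.example.com/images/banner.gif">
<script src="//static.example.com/app.js"></script>
<form action="http://www.example.com/flightsearch" method="post">
  <input name="from"><input name="to">
</form>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_URL, SAMPLE_HTML):
        print(finding)
```

The relative image and the protocol-relative script resolve to https and are not reported; only the absolute http:// image and the form action are.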