Wes 🇵🇸 on Twitter: "@rx13 @MalwareJake @matches42 @Expedia https://t.co/ehSzGUgAiI" / Twitter

Hey

@Expedia

, we need to talk. You're sending HTTP links requesting credit card information...

26

119

328

Replying to

and

almost universally when I complain about this they say the post/submit is secure which makes me think that’s the PCI requirement.

3

11

Replying to

and

As I'm sure you're aware, that's not how security works...

2

13

This Tweet was deleted by the Tweet author. Learn more

Replying to

and

The POST is encrypted. Not sure I care though, it's 2019 - this is a 2005 problem.

3

13

Replying to

It's effectively NOT encrypted if the page containing the form is unencrypted

This Tweet was deleted by the Tweet author. Learn more

Replying to

It can be trivially replaced with a form that uses http. If everything isn't encrypted, nothing is.

This Tweet was deleted by the Tweet author. Learn more

Replying to

troyhunt.com/your-login-for

6:13 PM · Jun 22, 2019Twitter for Android

Conversation