I noticed that the Bletchley Park museum web site’s online shop does not use SSL to protect the transactions. So I sent them a serious (but slightly tongue-in-cheek) email:
I’m wondering why an organisation with a great track record of cracking codes does not deem it necessary to protect online transactions?
What I mean is: why is the Bletchley Park online shop not using https for secure transactions? At present, the shop uses unprotected http, which means that personal details, including credit card numbers, are sent in the clear across the internet. This means the details are even less secure than German WWII radio transmissions! 😉
I’m sure if Alan Turing was still there he wouldn’t have stood for that sort of thing.
CC stuff bangs off to world pay with https, but yes acct creation etc should be SSL-ed
PermalinkCredit card info and other personal details may go from *Bletchley* to *WorldPay* via SSL (although I can’t figure out how you’ve determined that), but it goes from the *customer* to *Bletchley* in the clear!
PermalinkI ‘ordered’ something to see – registration etc port 80, but as soon as you hit ‘pay’ you go of to worldpay and ssl.
But yes registration stuff *should* be via SSL.
Permalink