[HTTPS-E Rulesets] some Spanish airlines
Israel Planagumà
israelplanaguma at gmail.com
Tue Jun 28 02:26:49 PDT 2011
Hi there,
I've tested these 3 rulesets. They work. These are 3 Spanish airlines,
which in their databases have pretty confidential personal info -ID
numbers, credit cards...
Once you are logged in, everything is under HTTPS, but not before that.
I have a basic question: even in a HTTP page, are the forms for user and
password encrypted? I mean, can they be, if the design is good? Or are
you sending your user and password open for the whole world to see?
Because that would be a very serious mistake by these companies and many
others -I sent a while back a rule for the biggest European Savings Bank
- La Caixa!
Thank you.
--
Israel Planagumà
israelplanaguma at gmail.com
PGP key: 0x3AC33747
-------------- next part --------------
A non-text attachment was scrubbed...
Name: iberia.xml
Type: text/xml
Size: 242 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere-rules/attachments/20110628/ac5389f1/attachment.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: spanair.xml
Type: text/xml
Size: 249 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere-rules/attachments/20110628/ac5389f1/attachment-0001.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: vueling.xml
Type: text/xml
Size: 249 bytes
Desc: not available
URL: <http://lists.eff.org/pipermail/https-everywhere-rules/attachments/20110628/ac5389f1/attachment-0002.xml>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 7564 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.eff.org/pipermail/https-everywhere-rules/attachments/20110628/ac5389f1/attachment.bin>
More information about the HTTPS-Everywhere-Rules
mailing list