Sunday, September 22, 2013

Seriously RapidSSLOnline....

RapidSSLOnline sends out HTML formatted emails for certificate renewal containing a direct SSL login link to your account, for easy renewal (or change/delete) of SSL certificates.

Hmm.. And I actually thought that sending out direct login links by clear-text e-mail was a bad idea....


Important update: my link + title initially pointed at, while the correct should be Big thx to Tom Willows for correcting me!

Here's the email received, slightly censored to protect the innocent:

Clicking the "Renew & Save" takes you - or anyone who can get access to the email in transit or at rest - directly to this page (again heavily censored):

Dear RapidSSLOnline:
You are in the business of Internet security. I really do expect better than this. Running your entire shop off Amazon cloud servers (web + mail) doesn't help my lack of confidence in your current security practices. (Sorry Amazon).
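
For contrast, here is a sketch of a renewal link that does not work as a login. It is an added example, not code from this post or from RapidSSLOnline. The emailed token is signed, expires, can be redeemed once, and only tells the site which order to pre-select after the customer signs in normally. The function names, the one-day lifetime and the order-id format are all assumptions.

```python
import base64
import hashlib
import hmac
import secrets
import time
from typing import Optional

SECRET = secrets.token_bytes(32)  # server-side signing key, never put in the mail
TTL = 24 * 3600                   # assumed link lifetime: one day
_used = set()                     # spent nonces (a database table in practice)

def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def issue_renewal_token(order_id: str, now: Optional[float] = None) -> str:
    """Build the token placed in the emailed "Renew" link."""
    if "|" in order_id:
        raise ValueError("order id must not contain the field separator")
    now = time.time() if now is None else now
    body = f"{order_id}|{int(now) + TTL}|{secrets.token_hex(8)}".encode()
    mac = hmac.new(SECRET, body, hashlib.sha256).digest()
    return _b64(body) + "." + _b64(mac)

def redeem_renewal_token(token: str, now: Optional[float] = None) -> Optional[str]:
    """Return the order id to pre-select, or None.

    This never creates a session: the caller still sends the visitor through
    the normal login before any renew/change/delete action is allowed.
    """
    now = time.time() if now is None else now
    try:
        body_b64, mac_b64 = token.split(".")
        body, mac = _unb64(body_b64), _unb64(mac_b64)
        expected = hmac.new(SECRET, body, hashlib.sha256).digest()
        if not hmac.compare_digest(mac, expected):
            return None               # forged or altered link
        order_id, expires, nonce = body.decode().split("|")
    except ValueError:
        return None                   # malformed token
    if now > int(expires) or nonce in _used:
        return None                   # expired or already clicked
    _used.add(nonce)
    return order_id
```

Anyone who reads the mail in transit or at rest gets, at most, a pointer to an order they still cannot touch without the account password.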
