Bugtraq mailing list archives

RE: NON-Secure Credit card info transfer from time.com/pathfinder .com


From: jpaquin () landsman com
Date: Wed, 17 Oct 2001 17:26:23 -0400

The problem is that while the page 

https://www.pathfinder.com/subs/books/forms/td/tdspecialed01.html

itself is secure, as noted by the "https" at the beginning of the URL,
when you click the "Submit Order" button, the html in that page
reading:


That doesn't seem to be the only problem. Press "submit" on that page
without actually filling anything in, you'll be taken to the actual
order page. Now, check the URL. It appears that upon calling that page
you may substitute anything you wish for any of the values, including
price and shipping cost. Perhaps upon submission they check the price;
they aren't getting my credit card order quite yet.

Perhaps ordering that issue at any price you'd like will get them to fix
it.

Jacques Paquin
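
The message above reports that the order page accepts price and shipping cost from its URL. The following is an added example, not code from the original post or from the site: a server-side handler that bills only from its own catalogue and records any amount in the request that disagrees with it. The parameter names (item, qty, price, shipping) and the catalogue contents are assumptions.

```python
from decimal import Decimal, InvalidOperation
from urllib.parse import parse_qs

# Constructed catalogue: the item code and amounts are assumptions for this example.
CATALOGUE = {
    "td-special": {"price": Decimal("12.95"), "shipping": Decimal("3.50")},
}
MAX_QTY = 10


def _as_decimal(text):
    """Parse a client-supplied amount; None if it is not a finite number."""
    try:
        value = Decimal(text)
    except InvalidOperation:
        return None
    return value if value.is_finite() else None


def price_order(query_string):
    """Return (total, tamper_notes) for an order-page query string.

    The total is computed only from CATALOGUE. Any price/shipping value
    in the request is compared with the catalogue and reported, never billed.
    """
    params = {k: v[0] for k, v in parse_qs(query_string).items()}
    item = params.get("item", "")
    qty = params.get("qty", "")
    if item not in CATALOGUE:
        raise ValueError("unknown item")
    if not (qty.isascii() and qty.isdigit() and 1 <= int(qty) <= MAX_QTY):
        raise ValueError("invalid quantity")

    entry = CATALOGUE[item]
    notes = []
    for field in ("price", "shipping"):
        if field in params and _as_decimal(params[field]) != entry[field]:
            notes.append(f"{field}: client sent {params[field]!r}, catalogue has {entry[field]}")
    total = entry["price"] * int(qty) + entry["shipping"]
    return total, notes


if __name__ == "__main__":
    # Constructed requests: one untouched, one with the amounts edited in the URL.
    for qs in ("item=td-special&qty=1&price=12.95&shipping=3.50",
               "item=td-special&qty=1&price=0.01&shipping=0"):
        print(price_order(qs))
```

The notes list is meant for the server's log or fraud review; the customer is charged the catalogue total either way.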
