Just made my first order with AutoAtlanta and noticed that, once you go to checkout, for new customers where you fill out your Shipping and Billing as well as credit card info, the page is not a secure page??

So.. I would advise that if you are making a purchase with them, add an "s" after the "http" in the address bar before filling out the form.

computer security major... kinda bugs me when i see stuff like that... so just a heads up

maybe the AA webmaster can fix this would take all of 2 seconds

anyways, can't wait to get the stuff!!

wow, that suprises me. When we got our SSL it automatically updated links to https... I would never fill out anything without that little lock in the bottom right!

Hi Guys!

Manually creating a secure connection for that page is not necessary. All of your information is submitted through SSL to a separate handler, not that page. Once you fill in the form and hit submit, it's sent through a secure connection.

To ease worries though I made that page secure also. Sorry to get you guys worried!


Best regards,
Jason Humphrey
Auto Atlanta
770.427.2844 ext. 12

Well that was quick! Thanks Jason!

Wow jason, thanks for the fix.
I think by not being an SSL page when entering the information leaves it susceptible to being spoofed more easily? Because, someone won't know they're "secure" until they hit submit might deter some people. It would be harder to spoof an ALREADY SSL encrypted page than it would be to spoof the current page.

Just throwin that out there, but awesome turn-around.

OT: hey jason, do ya'll have company stickers or logos? I like to show support for who is aiding me in this addiction lol

I think the original post was excellent in bringing a potential security issue to light to all of us. The response form AA (Jason) was great.

Thanks to all!

No problem. Any time you come across something that seems odd, or you have a question, you can let me know directly: jason<!at!>autoatlanta.com

Generally SSL is more for sniffers than spoofing. Spoofing would be if someone got you to go to a malicious website designed to look like ours with the intent of collecting your information. Anyone with a few bucks can have an SSL set up so having https won't make much difference. Heck, when was the last time you inspected the security certificate issued by the server?

Sniffers are designed to pull packets from the network for inspection. The packets carry the information you filled into the form. A secure connection encrypts the transmission so that anyone listening in can't tell what's being said, at least that's the idea.

Again, the transmission has always been encrypted, I just made it a bit more obvious.

I'm not sure if we have much in the way of stickers. I'll see if I can dig something up, otherwise I'll put it in the suggestions box.

this morning ...


but then again, i work in that industry. the every day user probably does not even know how to check the validity of a SSL certificate ...
Andy