Signed up for Google AdWords today! Planning to promote a couple of my product sites soon.
Curiously, noticed that Firefox was telling me that the page was only partially secure (i.e. or as any security expert would tell you – not secure at all). This typically happens when a page delivered over HTTPS includes other pages (JS, etc) over plain HTTP.
Attack works like this: If a (safe) JS file was included via HTTP, an attacker (man-in-the-middle) could change the code to read the credit card off the form fields and ship it to himself.
Here is the screenshot:
Notice the typical blue or green background missing behind Google’s favicon.