Google AdWords billing setup insecure

Signed up for Google AdWords today! Planning to promote a couple of my product sites soon.

Curiously, noticed that Firefox was telling me that the page was only partially secure (i.e. or as any security expert would tell you – not secure at all). This typically happens when a page delivered over HTTPS includes other pages (JS, etc) over plain HTTP.

Attack works like this: If a (safe) JS file was included via HTTP, an attacker (man-in-the-middle) could change the code to read the credit card off the form fields and ship it to himself.

Here is the screenshot:

Notice the typical blue or green background missing behind Google’s favicon.

 

 

This entry was posted in General, Tech. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *