Gomadrid.com Aerocity form (used to) send credit card details unencrypted

Published Thu 11 February 2010 23:36 (+1300)

Tagged

spain (15 posts and 119 photos)
madrid (3 posts and 9 photos)

Update: Gomadrid.com promptly wrote in to say they've fixed it – see comments below.

Don't use the Aerocity shuttle online booking system from gomadrid.com – it would send your credit card data completely unencrypted over the internet. This is despite the form itself being hosted on an encrypted page, and a prominent, false statement about how your details are encrypted and “100% secure” – they're absolutely not, view source on the form and you can see that even though the page with the form is hosted on that secure server, it submits the form contents back to the insecure site at http://www.gomadrid.com/cgi-bin/aeromail.cgi. Since you need to give them your credit card details to book, that means your credit card details would be at risk. If you're using a good browser like Safari, it will by default warn you before doing this, but not all browsers would.

Comments

Posted Wed 30 September 2009 09:47 (+0200)
Go Madrid said:
Dear Will,

Thanks for bringing this to our attention - the form has now been changed and all transactions now take place entirely over the secure server.

We'd appreciate it if you could update your post to reflect this information.

Many thanks,

Go Madrid.
Posted Wed 30 September 2009 09:47 (+0200)
Go Madrid said:
Dear Will,

Thanks for bringing this to our attention - the form has now been changed and all transactions now take place entirely over the secure server.

We'd appreciate it if you could update your post to reflect this information.

Many thanks,

Go Madrid.
Post a comment
Name:

Email: This will be kept private.

Website:

Comment: