I decided to activate the SecureSpot service on my D-Link router yesterday. After trialing it and being very happy with the configuration and flexibility of the service itself, I decided to pay for the service. The checkout page looked like most do, and I've become so accustomed to them now that I almost clicked the submit button before checking the URL (note: you need a SecureSpot trial membership to access the page). Whoa there cowboy, that protocol is http, not https. So, thinking that maybe some use of frames was disguising the true URL of the checkout page, I looked for the trusty lock icon on Firefox that depicts a secure site, and it too was missing. Ok, the warning bells are now clanging, so I go back to the beginning, all the way back to the original SecureSpot login page. It sports a gold VeriSign seal, claiming to be secure. No https, no lock. I look all through the SecureSpot configuration control panels and none of it seems to be using SSL. So as I'm logging into the BSecure web site that runs SecureSpot, and as I'm setting my family's filtering and privacy controls and passwords, is everything going over the wire in the clear? Both the SecureSpot login and the payment checkout pages sport that VeriSign gold seal. This is supposed to assure me the site is secure, right? From VeriSign's site:
"Gold Seal" is a graphical representation that assures customers that a Web site has been Authenticated and that all transactions are secured by a Secure Site Certificate or a Secure Site Pro Certificate.
I poked through the checkout page source to see if I missed something, and about the only secure element on the page is the VeriSign gold seal. Well, at least their assurance that the page is secure is secure.