ESET - Buy page not encrypted!

[EAV8 2]

Hi all,

 

I was looking at the buy page of ESET and I noticed something strange. Clicking on the shop button on ESET international website, opens the follow website:

 

hxxp://www.nod32.pt/purchase/index.php - This website isn't using an encrypted connection, and that's bad since it ask for all the client personal information to buy the license.

 

But if open ESET International website and select the country first, then when you press "shop" the domain is different (loja.eset.pt) and that page is using HTTPS.

 

So the problem is on the international website that redirects to a un secured page when your IP is from Portugal.

 

P.S: I use ESET since NOD32 v2.7, so I'm a huge fan

 

Thanks.

Edited October 17, 2015 by EAV8

[shocked 60]

this must not be the original eset website. i visited the Portuguese site via eset.com and then i selected the country, Portugal.

 

it lead me to this https://loja.eset.pt/

[EAV8 2]

No, this is the original ESET website. I will try to explain it better:

 

If you go to eset.com/pt (Portuguese Website) and press shop button you are redirected to loja.eset.pt. This Website (loja.eset.pt) is using a secure connection.

If you go to eset.com/int (International Website) and press shop button, you are redirected to nod32.pt/purchase. This website (nod32.pt/purchase) is using a non secure connection.

The ESET International website redirects you to your country shop when you click the "shop" button, but, for some reason, the international website is redirecting Portuguese IP's to the wrong page (nod32.pt/purchase) instead of (loja.eset.pt). So, the problem is on the redirect made by the international website, you can only test it if you access the international website using a Portuguese IP.

Edited October 17, 2015 by EAV8

[TomasP 316]

In many cases like this there is an https frame inserted in the http website - check whether this is not the case.

[EAV8 2]

Hi @TomasP

 

I contacted ESET Portugal and they said that they will fix the problem and offered me a 30 days trial lol (The international page should redirect to "loja.eset.pt" instead of "nod32.pt/purchase".)

 

Have a nice day

Edited October 19, 2015 by EAV8

[TomasP 316]

Great to hear that.

Regards.

[rugk 397]

In many cases like this there is an https frame inserted in the http website - check whether this is not the case.

Come on. That's not secure at all.

 

Any attacker could simply inject JavaScript into the HTTP site and send all data entered to itself.

An HTTPS-IFrame does not help in any way to prevent this.

Edited October 21, 2015 by rugk

[TomasP 316]

Hi rugk, I am not saying we do it like that. I just mentioned that I saw it implemented this way and asked whether it was the case here as well.

[rugk 397]

But you do it like that. I've seen it on some sites which do so.

Additionally why do you ask if you don't use it? What would have been your answer if he had said "Yes"? That everything is alright?

IMO this was implied by this question.

[TomasP 316]

That was a clarifying question, to know which direction the discussion should head.

In case you are aware of such implementations on ESET's website, please contact me.

[rugk 397]

I've already reported this...