EAV8 2 Posted October 17, 2015 Share Posted October 17, 2015 (edited) Hi all, I was looking at the buy page of ESET and I noticed something strange. Clicking on the shop button on ESET international website, opens the follow website: hxxp://www.nod32.pt/purchase/index.php - This website isn't using an encrypted connection, and that's bad since it ask for all the client personal information to buy the license. But if open ESET International website and select the country first, then when you press "shop" the domain is different (loja.eset.pt) and that page is using HTTPS. So the problem is on the international website that redirects to a un secured page when your IP is from Portugal. P.S: I use ESET since NOD32 v2.7, so I'm a huge fan Thanks. Edited October 17, 2015 by EAV8 Link to comment Share on other sites More sharing options...
Most Valued Members shocked 60 Posted October 17, 2015 Most Valued Members Share Posted October 17, 2015 this must not be the original eset website. i visited the Portuguese site via eset.com and then i selected the country, Portugal. it lead me to this https://loja.eset.pt/ Link to comment Share on other sites More sharing options...
EAV8 2 Posted October 17, 2015 Author Share Posted October 17, 2015 (edited) No, this is the original ESET website. I will try to explain it better: If you go to eset.com/pt (Portuguese Website) and press shop button you are redirected to loja.eset.pt. This Website (loja.eset.pt) is using a secure connection.If you go to eset.com/int (International Website) and press shop button, you are redirected to nod32.pt/purchase. This website (nod32.pt/purchase) is using a non secure connection.The ESET International website redirects you to your country shop when you click the "shop" button, but, for some reason, the international website is redirecting Portuguese IP's to the wrong page (nod32.pt/purchase) instead of (loja.eset.pt). So, the problem is on the redirect made by the international website, you can only test it if you access the international website using a Portuguese IP. Edited October 17, 2015 by EAV8 Link to comment Share on other sites More sharing options...
ESET Moderators TomasP 302 Posted October 19, 2015 ESET Moderators Share Posted October 19, 2015 In many cases like this there is an https frame inserted in the http website - check whether this is not the case. Link to comment Share on other sites More sharing options...
EAV8 2 Posted October 19, 2015 Author Share Posted October 19, 2015 (edited) Hi @TomasP I contacted ESET Portugal and they said that they will fix the problem and offered me a 30 days trial lol (The international page should redirect to "loja.eset.pt" instead of "nod32.pt/purchase".) Have a nice day Edited October 19, 2015 by EAV8 Link to comment Share on other sites More sharing options...
ESET Moderators TomasP 302 Posted October 20, 2015 ESET Moderators Share Posted October 20, 2015 Great to hear that. Regards. Link to comment Share on other sites More sharing options...
rugk 397 Posted October 21, 2015 Share Posted October 21, 2015 (edited) In many cases like this there is an https frame inserted in the http website - check whether this is not the case. Come on. That's not secure at all. Any attacker could simply inject JavaScript into the HTTP site and send all data entered to itself. An HTTPS-IFrame does not help in any way to prevent this. Edited October 21, 2015 by rugk Link to comment Share on other sites More sharing options...
ESET Moderators TomasP 302 Posted October 23, 2015 ESET Moderators Share Posted October 23, 2015 Hi rugk, I am not saying we do it like that. I just mentioned that I saw it implemented this way and asked whether it was the case here as well. Link to comment Share on other sites More sharing options...
rugk 397 Posted October 23, 2015 Share Posted October 23, 2015 But you do it like that. I've seen it on some sites which do so. Additionally why do you ask if you don't use it? What would have been your answer if he had said "Yes"? That everything is alright? IMO this was implied by this question. Link to comment Share on other sites More sharing options...
ESET Moderators TomasP 302 Posted October 26, 2015 ESET Moderators Share Posted October 26, 2015 That was a clarifying question, to know which direction the discussion should head. In case you are aware of such implementations on ESET's website, please contact me. Link to comment Share on other sites More sharing options...
rugk 397 Posted November 5, 2015 Share Posted November 5, 2015 I've already reported this... Link to comment Share on other sites More sharing options...
Recommended Posts