For the past couple of weeks, https://www.amazon.com and https://amazon.com have redirected me to http://www.amazon.com. Region-specific sites like https://www.amazon.co.uk/ still work fine. A MITM attacker is probably not responsible: the redirect is performed by the secure page, so an attacker would need a valid certificate for www.amazon.com, and one who had that would presumably not add a redirect.
Questions for Amazon:
- What the hell?
- Why does your site work at all without HTTPS?
- How am I going to buy things now?
It’s 2014, and this is unacceptable for an e-commerce site, plain and simple. Repent by implementing HSTS.
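A check for the behaviour described above, as an added example that is not part of the original post: it walks a recorded redirect chain and reports any HTTPS response that redirects to plain HTTP or that lacks a usable `Strict-Transport-Security` header. The function names, the status codes and the `shop.example` host are constructed for illustration.

```python
from urllib.parse import urljoin, urlsplit

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797); None if unusable."""
    max_age, subdomains = None, False
    for directive in value.split(";"):
        name, _, arg = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            arg = arg.strip().strip('"')      # the value may be a quoted string
            if not arg.isdigit():
                return None                   # malformed max-age voids the header
            max_age = int(arg)
        elif name == "includesubdomains":
            subdomains = True
    if max_age is None:                       # max-age is the one required directive
        return None
    return {"max_age": max_age, "include_subdomains": subdomains}

def audit_chain(hops):
    """hops: (url, status, headers) tuples in the order the client saw them.
    Returns (kind, url, redirect_target_or_None) findings."""
    findings = []
    for url, status, headers in hops:
        h = {k.lower(): v for k, v in headers.items()}
        if urlsplit(url).scheme != "https":
            continue                          # browsers ignore HSTS sent over plain HTTP
        policy = parse_hsts(h.get("strict-transport-security", ""))
        if policy is None or policy["max_age"] == 0:   # max-age=0 clears the policy
            findings.append(("no-hsts", url, None))
        if 300 <= status < 400 and "location" in h:
            target = urljoin(url, h["location"])       # Location may be relative
            if urlsplit(target).scheme == "http":
                findings.append(("downgrade", url, target))
    return findings

# Constructed sample: the redirect reported in the post (status code assumed).
SAMPLE_CHAIN = [
    ("https://www.amazon.com/", 301, {"Location": "http://www.amazon.com/"}),
    ("http://www.amazon.com/", 200, {"Content-Type": "text/html"}),
]
# Constructed sample: a site that upgrades to HTTPS and then sets HSTS.
GOOD_CHAIN = [
    ("http://shop.example/", 301, {"Location": "https://shop.example/"}),
    ("https://shop.example/", 200,
     {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"}),
]

if __name__ == "__main__":
    for finding in audit_chain(SAMPLE_CHAIN):
        print(finding)
```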