Month: November 2014

  • Amazon redirecting to HTTP

    For the past couple of weeks, https://www.amazon.com and https://amazon.com have redirected me to http://www.amazon.com. Region-specific sites like https://www.amazon.co.uk/ still work fine. There is probably no MITM attacker, since the secure page is performing the redirect, so a MITM would have to have a valid certificate for www.amazon.com, and if so he would presumably not add a redirect.

    Questions for Amazon:

    • What the hell?
    • Why does your site work at all without HTTPS?
    • How am I going to buy things now?

    It’s 2014, and this is unacceptable for an e-commerce site, plain and simple. Repent by implementing HSTS.