Internet security: Buying from DHGate.com

[ycz(08)]

Hello security experts,

 

As the title says, I´m wanting to buy from www.dhgate.com but I have one major concern and it is that I´m not sure if the https is secure. This is the checkout certificate:

 

 

It says that the connection is private but someone on the network might be able to change the look... so I´m guessing that it is a risk to buy from this site? From what I´ve researched, I´ve not found anyone complaining about credit theft or security issues or related news. The worst I´ve seen is ppl not happy with their order but that is to be expected. 

[alexhelvetica]

 

Hello security experts,

 

As the title says, I´m wanting to buy from www.dhgate.com but I have one major concern and it is that I´m not sure if the https is secure. This is the checkout certificate:

 

 

It says that the connection is private but someone on the network might be able to change the look... so I´m guessing that it is a risk to buy from this site? From what I´ve researched, I´ve not found anyone complaining about credit theft or security issues or related news. The worst I´ve seen is ppl not happy with their order but that is to be expected. 

 

Did you read the message?

They use an obsolete encryption so it may not be secure.  

[desertcomputer]

It look like chinese hosted website.. no point of encryption... all traffic is monitor by the government ... it happening around the world. 

[ycz(08)]

Did you read the message?

They use an obsolete encryption so it may not be secure.  

 

The obsolete cipher message is pretty common even in website with full green secure padlock (you may wanna try with your online banking website in Chrome and click on the green padlock and you will see the obsolete cipher message), I don´t know how Google is managing certificates with Chrome but it doesn't mean its not secure. That part of the certificate I'm not worry about, the part that intrigues me is the part that says that "someone on the network might be able to change the look"

[ycz(08)]

It look like chinese hosted website.. no point of encryption... all traffic is monitor by the government ... it happening around the world. 

 

That actually makes sense.

[colonel_mortis]

The bit about changing the look just means that some images/etc were loaded over an insecure connection. While this isn't ideal, it doesn't actually compromise your security.

The obsolete cipher suite just means that the encryption is slightly easier to crack than industry standards, but not easy to crack by any means, and it only matters at all if you are subject to a man in the middle attack (though even if you were, it's likely that the attacker isn't capable of decrypting your data, even in the order of magnitude tens of years).

[ycz(08)]

The bit about changing the look just means that some images/etc were loaded over an insecure connection. While this isn't ideal, it doesn't actually compromise your security.

The obsolete cipher suite just means that the encryption is slightly easier to crack than industry standards, but not easy to crack by any means, and it only matters at all if you are subject to a man in the middle attack (though even if you were, it's likely that the attacker isn't capable of decrypting your data, even in the order of magnitude tens of years).

 

Good to know!

 

I was worried that the "secure" fields (credit card info text boxes) were not actually secured but changed to look like so.