Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email firstname.lastname@example.org
From: AA Webmaster (webmasteraa.com)
Date: Tue Sep 18 2001 - 07:41:33 CDT
Hello Devi and Chris,
Thank you for your interest in American Airlines web site and the
security we use to transfer confidential customer information.
Most browsers indicate that a page is secure by one or more of the
- A picture of a key on the status bar. The key may appear to be broken
when the page is not secure.
- A picture of a padlock on the status bar. If the padlock is closed,
the page is secure. If the padlock is open, it is not secure.
- A blue line across the top of the secured page.
** Although all confidential information sent and received at our site
is transferred using Secure Socket Layer (SSL) protocol, your browser
will not display a key, padlock or blue line to indicate that the page
is secure. **
Our site will access secure servers for user confidentiality only when
sensitive information is being transmitted such as site login, user
profile updates, travel planning payment, AAdvantage account
transactions, etc. And, since our site uses frames to display
information, only the frame content which contains confidential
information is secure. Most browsers are unable to detect individual
frames which contain this information and is the reason your browser is
unable to detect this secure transfer of information.
To prevent unauthorized access, maintain data accuracy, and ensure the
correct use of information, we have put in place appropriate physical,
electronic, and managerial procedures to safeguard and secure the
information we collect online.
We also participate in the Council of Better Business Bureaus'
BBBOnline® Privacy Program, and comply with all the BBBOnline privacy
standards. Further information about this program is available at
If you wish to automatically be notified when entering or leaving a
secure server at our site, you may modify your browser settings to alert
you when these actions occur. Please contact your Internet Service
Provider or browser manufacturer if you need assistance.
AA.com Webmaster Team
Original Message Follows:
From: Dwight Mann
Sent: Monday, September 17, 2001 3:59 PM
To: DFW Technology
Subject: FW: aa.com not encrypting customer transaction data
From: Chris Fairbourne [mailto:chris.fairbournecamsystems.com]
Sent: Monday, September 17, 2001 12:39 PM
Subject: aa.com not encrypting customer transaction data
Looks like aa.com (American Airlines) is NOT encrypting customer data
purchasing e-tickets. Hopefully this isn't still the case by the time
posts. This hold true for both Advantage login and non-members as well.
no time did I get a redirect to an SSL server for my session.
Taking a peek at the "Passenger Details" page source, no where do you
"https" or ":443", hmm. Next I make a phony submission and low and
this is what I grabbed: " f o r m % C I _ C r e d i t C a r d T o U s e
r d N u m b e r " v a l u e = " 4 3 2 3 5 0 1 9 8 3 5 1 9 9 9 9 "
I've made serveral phone calls to aa.com and generated a few e-mail.
I can't convince them I'm wrong, so I bring it to this forum.