kruisey Posted February 18, 2015 #1 Share Posted February 18, 2015 I have just phoned Princess and informed them than when one checks in on Google Chrome to reach ones booking the little yellow triangle appears on the top left hand corner of the screen .When you curse over it it says it is encrypted but certain areas others can read,they can also interfere with it. This also was the fact with my local Telecommunications Company who I informed.Using Firefox does not seem to have this problem Link to comment Share on other sites More sharing options...
RickEk Posted February 18, 2015 #2 Share Posted February 18, 2015 I have just phoned Princess and informed them than when one checks in on Google Chrome to reach ones booking the little yellow triangle appears on the top left hand corner of the screen .When you curse over it it says it is encrypted but certain areas others can read,they can also interfere with it.This also was the fact with my local Telecommunications Company who I informed.Using Firefox does not seem to have this problem I think Chrome is telling you that just certain parts of the screen are encrypted. Elements such as the menu choices across the top, the graphic backgrounds, etc. are being delivered unencrypted. This would be the case for any browser that you're using. Firefox probably isn't reporting it, because it's not really a problem. Link to comment Share on other sites More sharing options...
kruisey Posted February 18, 2015 Author #3 Share Posted February 18, 2015 I think Chrome is telling you that just certain parts of the screen are encrypted. Elements such as the menu choices across the top, the graphic backgrounds, etc. are being delivered unencrypted. This would be the case for any browser that you're using. Firefox probably isn't reporting it, because it's not really a problem. That folks can tamper and change the web site. The Telecommunication Company have closed the billing area while handling this on Google. It is secure until you actually sign in to your own personal booking then the warning appears. Personally I take no chances. Link to comment Share on other sites More sharing options...
afd524 Posted February 19, 2015 #4 Share Posted February 19, 2015 The problem exist on firefox also, let me take a few screen shots and type up a longer reply to explain it but by looking at it your personal information is safe. Link to comment Share on other sites More sharing options...
afd524 Posted February 19, 2015 #5 Share Posted February 19, 2015 What google chrome is detecting is mixed content meaning there is both secure and non secure links on the webpage. Secure links on these pages are encrypted using AES 256 bit encrypting key meaning hackers have no chance of breaking the key. Under the cruise personalizer all the links that you would use to change your info are showing https meaning they are secure. At the bottom left hand corner of the screen you can see the link for guest check in link. The link on the bottom on the screen for the purchase a gift card link is not secure. This screen shots were taken on firefox so this happens for all web browsers. If you are concerned about the safety of a link just look at it and if it has a https that means it is safe. Link to comment Share on other sites More sharing options...
tbonecopper Posted February 19, 2015 #6 Share Posted February 19, 2015 (edited) This is actually *really* common with a lot of websites. It's not that your login session is in-secure, it just means something on that page, such as an image or script, was not loaded from the same server as the rest of the secured content, or is 3rd party. For example, websites with Facebook or Twitter integration can trigger that message. The website itself (like Amazon for example) will load from Amazon's servers, over a https secured connection, but the ability to share something from that site on twitter or facebook is not hosted on the same server as the Amazon site. Ergo, elements of the page are insecure. This has no bearing on the encryption of information between Amazon and you... just that one little feature - in this case, to share something, is what's causing the alert. Other sites do this when they use a CDN, content delivery network, which is basically a company who has servers all over the world, close to major geographic areas who deliver things like video and images to visitors closest to that part of the world.... this keeps things on the internet moving quickly, instead of you waiting 5 minutes for a youtube video to buffer. Often the video or image element isn't delivered over a HTTPS connection, due to speed concerns. Encryption causes things to slow down, with media, that's never fun. However, it is worth while to be informed on the topic, as HTTPS doesn't mean you're 100% secure. There are things such as a man in the middle attack which, even over a https session, can compromise your session with the website, malware, and keyloggers as well, which reside on your machine and don't need to intercept and decrypt the "s" in http. If you're curious what on the My Princess portal is causing the insecurity it's this line of code in their site: The page at 'https://book.princess.com/captaincircle/myPrincess.page' was loaded over HTTPS, but is submitting data to an insecure location at 'http://search.atomz.com/search/': this content should also be submitted over HTTPS. It's actually kind of amusing, as Adobe bought Atomz.com some years ago, and it was shut down in March of 2014 if I recall. So the line of code that's causing your browsers to alert to a potential insecurity in the site is the Princess website attempting to communicate with a server on the internet that doesn't really exist. Atomz was a plugin you could install on your web server to allow your visitors to search your site for content. The same way you can search princess.com for "formal night", for example. Princess should really get their web team to remove irrelevant code that points to out of business companies. Source: I work in web hosting, and IT in general. Not saying to implicitly trust me, but things aren't always what they appear to be when a web browser says something's possibly insecure. Edited February 19, 2015 by tbonecopper Link to comment Share on other sites More sharing options...
kruisey Posted February 19, 2015 Author #7 Share Posted February 19, 2015 This is actually *really* common with a lot of websites. It's not that your login session is in-secure, it just means something on that page, such as an image or script, was not loaded from the same server as the rest of the secured content, or is 3rd party. For example, websites with Facebook or Twitter integration can trigger that message. The website itself (like Amazon for example) will load from Amazon's servers, over a https secured connection, but the ability to share something from that site on twitter or facebook is not hosted on the same server as the Amazon site. Ergo, elements of the page are insecure. This has no bearing on the encryption of information between Amazon and you... just that one little feature - in this case, to share something, is what's causing the alert. Other sites do this when they use a CDN, content delivery network, which is basically a company who has servers all over the world, close to major geographic areas who deliver things like video and images to visitors closest to that part of the world.... this keeps things on the internet moving quickly, instead of you waiting 5 minutes for a youtube video to buffer. Often the video or image element isn't delivered over a HTTPS connection, due to speed concerns. Encryption causes things to slow down, with media, that's never fun. However, it is worth while to be informed on the topic, as HTTPS doesn't mean you're 100% secure. There are things such as a man in the middle attack which, even over a https session, can compromise your session with the website, malware, and keyloggers as well, which reside on your machine and don't need to intercept and decrypt the "s" in http. If you're curious what on the My Princess portal is causing the insecurity it's this line of code in their site: The page at 'https://book.princess.com/captaincircle/myPrincess.page' was loaded over HTTPS, but is submitting data to an insecure location at 'http://search.atomz.com/search/': this content should also be submitted over HTTPS. It's actually kind of amusing, as Adobe bought Atomz.com some years ago, and it was shut down in March of 2014 if I recall. So the line of code that's causing your browsers to alert to a potential insecurity in the site is the Princess website attempting to communicate with a server on the internet that doesn't really exist. Atomz was a plugin you could install on your web server to allow your visitors to search your site for content. The same way you can search princess.com for "formal night", for example. Princess should really get their web team to remove irrelevant code that points to out of business companies. Source: I work in web hosting, and IT in general. Not saying to implicitly trust me, but things aren't always what they appear to be when a web browser says something's possibly insecure. I still would not give my credit card details on a site with that little yellow triangle warning. Link to comment Share on other sites More sharing options...
tbonecopper Posted February 19, 2015 #8 Share Posted February 19, 2015 And of course that's your prerogative. I wasn't attempting to placate your concerns, merely shed some light on what that actually means. Link to comment Share on other sites More sharing options...
undercat Posted February 19, 2015 #9 Share Posted February 19, 2015 This is actually *really* common with a lot of websites. It's not that your login session is in-secure, it just means something on that page, such as an image or script, was not loaded from the same server as the rest of the secured content, or is 3rd party. For example, websites with Facebook or Twitter integration can trigger that message. The website itself (like Amazon for example) will load from Amazon's servers, over a https secured connection, but the ability to share something from that site on twitter or facebook is not hosted on the same server as the Amazon site. Ergo, elements of the page are insecure. This has no bearing on the encryption of information between Amazon and you... just that one little feature - in this case, to share something, is what's causing the alert. Other sites do this when they use a CDN, content delivery network, which is basically a company who has servers all over the world, close to major geographic areas who deliver things like video and images to visitors closest to that part of the world.... this keeps things on the internet moving quickly, instead of you waiting 5 minutes for a youtube video to buffer. Often the video or image element isn't delivered over a HTTPS connection, due to speed concerns. Encryption causes things to slow down, with media, that's never fun. However, it is worth while to be informed on the topic, as HTTPS doesn't mean you're 100% secure. There are things such as a man in the middle attack which, even over a https session, can compromise your session with the website, malware, and keyloggers as well, which reside on your machine and don't need to intercept and decrypt the "s" in http. If you're curious what on the My Princess portal is causing the insecurity it's this line of code in their site: The page at 'https://book.princess.com/captaincircle/myPrincess.page' was loaded over HTTPS, but is submitting data to an insecure location at 'http://search.atomz.com/search/': this content should also be submitted over HTTPS. It's actually kind of amusing, as Adobe bought Atomz.com some years ago, and it was shut down in March of 2014 if I recall. So the line of code that's causing your browsers to alert to a potential insecurity in the site is the Princess website attempting to communicate with a server on the internet that doesn't really exist. Atomz was a plugin you could install on your web server to allow your visitors to search your site for content. The same way you can search princess.com for "formal night", for example. Princess should really get their web team to remove irrelevant code that points to out of business companies. Source: I work in web hosting, and IT in general. Not saying to implicitly trust me, but things aren't always what they appear to be when a web browser says something's possibly insecure. Thank you for this insight and thank you OP for this thread! I use different browsers depending on the purpose and computer, and I noticed an error when trying to open my documents (I forget the precise name) in Cruise Personalizer while using Google Chrome. No issue was presented when I opened the same documents in Internet Explorer on a different machine. I use a private VPN when connecting to public WiFi but noticed some odd behavior whilst connected to it recently. I also use certain browser plug-ins (thanks to prior issues, without going into details) which theoretically help the web surfer but adds another layer when requesting web pages and am working to optimize that. My research continues.... Link to comment Share on other sites More sharing options...
jrzebird Posted February 19, 2015 #10 Share Posted February 19, 2015 I still would not give my credit card details on a site with that little yellow triangle warning. Then how would you complete your cruise personalizer? I suppose you could hold that part until you check in. Maureen Link to comment Share on other sites More sharing options...
AZbeachboy Posted February 19, 2015 #11 Share Posted February 19, 2015 Great thread. Thank you all. Link to comment Share on other sites More sharing options...
caribill Posted February 19, 2015 #12 Share Posted February 19, 2015 Then how would you complete your cruise personalizer? I suppose you could hold that part until you check in. By using a browser other than Chrome. Can't print a boarding pass without completing that info. Link to comment Share on other sites More sharing options...
kruisey Posted March 1, 2015 Author #13 Share Posted March 1, 2015 (edited) PLease take care when using Google Chrome on the Princess site. After you sign in the site is still not completely secure.Mouse on to the little yellow triangle at the top left hand side of the page.I did mention this to Princess several weeks ago but nothing has changed. Foxfire is safe you will see the little lock on the top left hand side of page.:) Its up to you I am just letting you know.......Kruisey:) Edited March 1, 2015 by kruisey Link to comment Share on other sites More sharing options...
satxdiver Posted March 1, 2015 #14 Share Posted March 1, 2015 Thank you for this insight and thank you OP for this thread! I use different browsers depending on the purpose and computer, and I noticed an error when trying to open my documents (I forget the precise name) in Cruise Personalizer while using Google Chrome. No issue was presented when I opened the same documents in Internet Explorer on a different machine. I use a private VPN when connecting to public WiFi but noticed some odd behavior whilst connected to it recently. I also use certain browser plug-ins (thanks to prior issues, without going into details) which theoretically help the web surfer but adds another layer when requesting web pages and am working to optimize that. My research continues.... If you see different behaviors between different browsers or different machines, look at your browser parameters as something is different. I would look at the browser security set up and compare values. You can set the security high or low or in between depending on your comfort level. The default security settings of chrome, firefox and IE is different. If chrome gives a warning and IE does not, it does not mean IE is more secure since the warning is not there but rather the security settings of IE is less than the chrome security settings. Link to comment Share on other sites More sharing options...
undercat Posted March 1, 2015 #15 Share Posted March 1, 2015 If you see different behaviors between different browsers or different machines, look at your browser parameters as something is different. I would look at the browser security set up and compare values. You can set the security high or low or in between depending on your comfort level. The default security settings of chrome, firefox and IE is different. If chrome gives a warning and IE does not, it does not mean IE is more secure since the warning is not there but rather the security settings of IE is less than the chrome security settings. Thanks for your feedback! To clarify, I wasn't implying that I think IE is more secure than Chrome simply because it allowed me to access a page Chrome warned me about. I mentioned the different browsers to provide an example of the different behavior exhibited when viewing the same docs using different browsers. I might have been unclear or imprecise about my reasons for relaying my experience when I posted about it - if so, my apologies for any confusion. I agree that the security settings are different on the other computer. I prefer not to use IE (personal preference, not necessarily security-related) but IE is what we have to use on that particular computer. Link to comment Share on other sites More sharing options...
kruisey Posted March 1, 2015 Author #16 Share Posted March 1, 2015 I agree Explorer really does not tell you anything. Swear by Firefox for anything personal.Mr Fox has never let me down:) Link to comment Share on other sites More sharing options...
peety3 Posted March 1, 2015 #17 Share Posted March 1, 2015 I still would not give my credit card details on a site with that little yellow triangle warning. That's your prerogative, but it DOES NOT MATTER if you put your credit card details on an insecure page. The only thing that matters is if the "Submit" link is HTTPS. It's the button that actually does anything with your information, not the page you came from. Link to comment Share on other sites More sharing options...
kruisey Posted March 2, 2015 Author #18 Share Posted March 2, 2015 That's your prerogative, but it DOES NOT MATTER if you put your credit card details on an insecure page. The only thing that matters is if the "Submit" link is HTTPS. It's the button that actually does anything with your information, not the page you came from. Its just a persons choice.When I sign in on Google and it states its not completely secure,reading within the triangle that outsiders can break in and cause malicious damage I am certainly not going to put my credit card number on sites like that. Everyone has their personal choice ,and although I may sound ignorant to you would rather not take the chance. Link to comment Share on other sites More sharing options...
Recommended Posts
Please sign in to comment
You will be able to leave a comment after signing in
Sign In Now