Security

Takealot Security Issue

So I decided (this morning) to do some more research on SSL encryption and it’s effect on website security and performance.

I tend to use Takealot.com as my default website for checking security compliance and performance. If any South African website should be up-to-date in regards to international security standards, it should be South Africa’s largest e-commerce retailer, Takealot.

I invite you to click on this link (https://www.takealot.com/) to view the Takealot home page over an encrypted connection.

If you’re using Firefox, you should be presented with a screen looking something like this:

takealot-ssl-error

Not only has the SSL certificate expired (June 13th, 2015), it is only valid for the “www.kalahari.com” domain.

To be fair, the Takealot login link on the home page redirects to https://secure.takealot.com/ which does have a valid SSL certificate. This does not help people like me who would like to browse the website over a secure connection without being signed in.

This may not be a security catastrophe, but it’s an unnecessary blemish on what is most likely a secure shopping platform.

If you have a connection with someone at Takealot, why not send them to this post – maybe they’ll do something about it. 😛

SHARE THIS POST
Standard

2 thoughts on “Takealot Security Issue

  1. or perhaps you should send the details of your investigation to their web security people and negotiate a consultancy fee to remedy the situation.

    • I tried offering my services to them 2 years ago (for free), but they never responded. I’ve tweeted this post to their Twitter handle, so their social media team should get notified.

Leave a Reply

Your email address will not be published. Required fields are marked *