
In their defense, they don't offer payments through the site. Their actual payment gateway (sec.paymentexpress.com) is secured with https [1].

I'd be more concerned with the ecommerce sites on the list, like Rebel Sport. Kmart at least does seem to redirect to HTTPS.

[1] http://paymentexpress.com/merchant-ecommerce-pxpay.html



Yes, but if you can MITM the HTTP connection you can make the main site appear however you like, including some login form or other way to obtain sensitive data.


...which is completely stupid because they score A+ on SSLlabs [0]. They even have HSTS etc., they really just have to preload it + add a 301 redirect.

[0] https://www.ssllabs.com/ssltest/analyze.html?d=paymentexpres...
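The two fixes named in the last comment (a 301 redirect plus HSTS preloading) can be checked mechanically. The sketch below is an added example, not code from the thread or from any site it mentions. The host `shop.example` and the sample responses are constructed, and the thresholds follow the hstspreload.org submission requirements.

```python
from urllib.parse import urlsplit

PRELOAD_MIN_AGE = 31536000  # one year, the minimum max-age accepted for preloading

def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797) into a dict.
    Directive names are case-insensitive; the first occurrence is kept."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives.setdefault(name.strip().lower(), arg.strip().strip('"'))
    return directives

def preload_gaps(host, http_response, https_response):
    """Return the reasons a host is not ready for HSTS preloading.
    Each response is a (status, headers) tuple with lower-case header names."""
    gaps = []
    status, headers = http_response
    target = urlsplit(headers.get("location", ""))
    if status != 301:
        gaps.append("http:// does not answer with a 301 redirect")
    elif target.scheme != "https" or target.hostname != host:
        gaps.append("redirect does not go to https:// on the same host")
    hsts = parse_hsts(https_response[1].get("strict-transport-security", ""))
    if not hsts:
        gaps.append("no Strict-Transport-Security header over HTTPS")
        return gaps
    max_age = hsts.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()) or int(max_age) < PRELOAD_MIN_AGE:
        gaps.append("max-age below 31536000")
    for flag in ("includesubdomains", "preload"):
        if flag not in hsts:
            gaps.append(f"missing {flag} directive")
    return gaps

# Constructed sample responses (not captured from any real site).
HOST = "shop.example"
BEFORE_HTTP = (200, {"content-type": "text/html"})       # page served over plain HTTP
AFTER_HTTP = (301, {"location": "https://shop.example/"})
WEAK_HTTPS = (200, {"strict-transport-security": "max-age=15768000"})
GOOD_HTTPS = (200, {"strict-transport-security":
                    "max-age=63072000; includeSubDomains; preload"})

if __name__ == "__main__":
    for label, http, https in (("before", BEFORE_HTTP, WEAK_HTTPS),
                               ("after", AFTER_HTTP, GOOD_HTTPS)):
        print(label, preload_gaps(HOST, http, https) or "ready for preload")
```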



