Enabling SSL on SQUARESPACE / July 9, 2015 by Paulo Fierro

In 2014 Google made an announcement stating they would boost sites using HTTPS encryption in search results. Apart from that there are several other great reasons for using HTTPS. This site is hosted on Squarespace and while you could access this via a squarespace.com subdomain, I prefer using my actual domain that I own and control.

After some searching I came across this excellent blog post describing how to get SSL for your Squarespace site using CloudFlare. Its fairly straightforward to set up and doesn't cost a thing.

A Taste of Insecurity / January 22, 2013 by Paulo Fierro

This weekend marks the 25th Taste of Cayman — a food and wine festival put on by the Cayman Islands Tourism Association (CITA).

This year you can buy the tickets online on their site built by Netclues. However, the purchase process is entirely insecure. Taking customers' credit card details in this manner is both irresponsible and unprofessional and it also violates the Payment Card Industry's (PCI) Data Security Standard requirements to protect cardholder data (point #4). I'm no lawyer but I believe if the card details were to fall into the wrong hands they would also be financially liable.

I tweeted at CITA and Netclues but they didn't reply.

@caytourizm selling @tasteofcayman tickets online is great but taking credit card details on an insecure page in 2013 is not /cc @netclues
— Paulo Fierro (@plo) January 12, 2013

When we help clients build anything, be it a site or an app it falls on us as the designers and developers to educate and inform them about issues like this. I am appalled that the people in charge of developing this site would roll out a payment solution without something as basic as an SSL certificate in place — trying to visit the tickets page over HTTPS results in a 404 error (page not found).

If a relatively inexpensive SSL certificate is not installed then I do wonder how much care and attention has been put in place behind the scenes to store credit card details in a safe and secure manner.

Its 2013 — we should know better. We should expect better.

In any case, we are looking forward to attending the event but purchased our tickets the old-fashioned way.

In person.

What lurks on port 7682? / January 22, 2013 by Paulo Fierro

I was using Charles earlier to monitor some HTTP requests and noticed that every few seconds a request would show up trying to ping 127.0.0.1 (localhost) on port 7682. This was odd so I did a quick search and found that I had actually tweeted about this approximately 112 days ago — and had completely forgotten.

So if you see this, simply disable the Adobe Edge Inspect extension in Chrome in the Extensions settings.

Let's see if I remember this time.