InformAction Forums

Posted: **Fri Jan 15, 2010 4:42 pm**

Hi, I put this up on the Firefox board a while ago and haven't gotten a response. In any case, you people are pretty well informed about this stuff, and maybe this is where it belongs.

I was trying to send a contribution for Haiti relief. I entered all my credit card information on an https page with the Verisign padlock at the bottom and hit "Process now." I have my preferences set to warn me when I am leaving an encrypted for an unencrypted page. As soon as I hit "process now," I received the pop up, "You are leaving an unencrypted page...anything that you send can easily be read..." I am confused. the popup didn't give me an option to cancel, so I force quit Firefox in order to cancel. I am trying to understand exactly what happened or what was going to happen.

Several possibilities: Does this mean that this sensitive information would have been sent out unencrypted if I hadn't "force quit?" Was it already sent out, encrypted, as soon as I hit "process now, and the warning simply meant that I was leaving an encrypted page (and encryption was no longer necessary?) Does this mean it was sent out unencrypted? Since I "force quit" Firefox and the secure page with the popup, does this mean nothing was sent out at all? Since I force quit, I didn't receive any acknowledgment of my submission and don't know if it was transmitted or not.

Posted: **Sat Jan 16, 2010 7:25 pm**

URL?

(Also beware of bogus Haiti relief webpages.)
Be very careful if you plan on donating Haiti

Posted: **Sun Jan 17, 2010 1:39 pm**

Here is the page from which to donate. (I've already deleted my history from then, so I don't know exactly which URL I donated on, and they may have changed it.)
https://donate.pih.org/page/contribute/ ... dwithhaiti

They have acknowledged receipt of my donation by email (unless this was faked--but why would a scammer go to the trouble? To keep me from canceling my card? This is getting too crazy!) I think most likely what happened was my credit card info was sent out encrypted on the https page when I hit "Process Contributiion," then when encryption was no longer necessary, it was about to flip me over to a non-secure "thank you" page--the reason for the Firefox popup--which I never saw since I'd force quite Firefox.

Yes, lots of scams around right now, and good reason for paranoia, but this is supposed to be an excellent NGO, completely legitimate, doing great work.
http://www.charitynavigator.org/index.c ... orgid=4884

Unless--paranoid scenario--I was phished: If you go to pih.org, the URL for Partners in Health, you are immediately redirected to http://www.standwithhaiti.org/haiti. The whois for that is entirely different. First, here is the whois for pih.org. Folowing that is the whois for standwithhaiti.org (NoScript, which I'm using, doesn't present any alert about the redirection. I see this only from the Firefox settings. (I'm also using OpenDNS, which would minimize redirections.) The difference in the whois information is puzzling, unless the explanation is they had to quickly set up a special Haiti URL quickly, on the fly, to get people to the donation page quickly, rather than through the usual domain name, which has a donate page for their regular, on-going, non-Haiti work.

But just found this at http://www.pih.org/inforesources/news/H ... quake.html ,which probably explains it.

Update: January 14, 2010, 10:00pm
Stand with Haiti!

Partners In Health is launching a new website to keep our supporters up-to-date with our efforts in Hait. Please join us at http://www.standwithhaiti.org. This will be the final update on this webpage, all new updates will be posted on http://www.standwithhaiti.org. Thanks for your support!

Here are the two whois reports.

Domain ID:D665837-LROR
Domain Name:PIH.ORG
Created On:15-Apr-1997 04:00:00 UTC
Last Updated On:22-Aug-2009 01:23:41 UTC
Expiration Date:16-Apr-2019 04:00:00 UTC
Sponsoring Registrar:Network Solutions LLC (R63-LROR)
Status:CLIENT TRANSFER PROHIBITED
Registrant ID:24545461-NSI
Registrant Name:Partners In Health
Registrant Organization:Partners In Health
Registrant Street1:641 Huntington Avenue
Registrant Street2:1st Floor
Registrant Street3:
Registrant City:Boston
Registrant State/Province:MA
Registrant Postal Code:02115
Registrant Country:US
Registrant Phone:+1.6174325256
Registrant Phone Ext.:
Registrant FAX:+1.6174325300
Registrant FAX Ext.:
Registrant Email:adshakow@FAS.HARVARD.EDU
Admin ID:35690499-NSI
Admin Name:Elana Hayasaka
Admin Organization:Partners In Health
Admin Street1:641 Huntington Avenue
Admin Street2:First Floor
Admin Street3:
Admin City:Boston
Admin State/Province:MA
Admin Postal Code:02115
Admin Country:US
Admin Phone:+1.617432525
Admin Phone Ext.:
Admin FAX:+1.617432530
Admin FAX Ext.:
Admin Email:ehayasaka@pih.org
Tech ID:24545464-NSI
Tech Name:Yusuf Karacaoglu
Tech Organization:Partners In Health
Tech Street1:641 Huntington Ave
Tech Street2:
Tech Street3:
Tech City:Boston
Tech State/Province:MA
Tech Postal Code:02115
Tech Country:US
Tech Phone:+1.617592573
Tech Phone Ext.:
Tech FAX:+1.617432530
Tech FAX Ext.:
Tech Email:yusufk@pih.org
Name Server:NS1.PAETEC.NET
Name Server:NS2.PAETEC.NET
Name Server:NS3.PAETEC.NET
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:

Domain ID:D158056554-LROR
Domain Name:STANDWITHHAITI.ORG
Created On:14-Jan-2010 18:35:34 UTC
Last Updated On:14-Jan-2010 18:42:42 UTC
Expiration Date:14-Jan-2011 18:35:34 UTC
Sponsoring Registrar:GoDaddy.com, Inc. (R91-LROR)
Status:CLIENT DELETE PROHIBITED
Status:CLIENT RENEW PROHIBITED
Status:CLIENT TRANSFER PROHIBITED
Status:CLIENT UPDATE PROHIBITED
Status:TRANSFER PROHIBITED
Status:ADDPERIOD
Registrant ID:CR40371411
Registrant Name:Blue State Domain Administrator
Registrant Organization:Blue State Digital, LLC
Registrant Street1:734 15th St.
Registrant Street2:Suite 1000
Registrant Street3:
Registrant City:Washington
Registrant State/Province:District Of Columbia
Registrant Postal Code:20005
Registrant Country:US
Registrant Phone:+1.2024495600
Registrant Phone Ext.:
Registrant FAX:
Registrant FAX Ext.:
Registrant Email:domains@bluestatedigital.com
Admin ID:CR40371424
Admin Name:Blue State Domain Administrator
Admin Organization:Blue State Digital, LLC
Admin Street1:734 15th St.
Admin Street2:Suite 1000
Admin Street3:
Admin City:Washington
Admin State/Province:District Of Columbia
Admin Postal Code:20005
Admin Country:US
Admin Phone:+1.2024495600
Admin Phone Ext.:
Admin FAX:
Admin FAX Ext.:
Admin Email:domains@bluestatedigital.com
Tech ID:CR40371421
Tech Name:Blue State Domain Administrator
Tech Organization:Blue State Digital, LLC
Tech Street1:734 15th St.
Tech Street2:Suite 1000
Tech Street3:
Tech City:Washington
Tech State/Province:District Of Columbia
Tech Postal Code:20005
Tech Country:US
Tech Phone:+1.2024495600
Tech Phone Ext.:
Tech FAX:
Tech FAX Ext.:
Tech Email:domains@bluestatedigital.com
Name Server:NS1.BLUESTATEDIGITAL.COM
Name Server:NS2.BLUESTATEDIGITAL.COM
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
Name Server:
DNSSEC:Unsigned

Posted: **Tue Jan 19, 2010 1:30 am**

I guess I answered my own question?

Posted: **Tue Jan 19, 2010 1:53 am**

You may have answered it as well as we could. It doesn't sound like you've been phished.

kukla wrote:Several possibilities: Does this mean that this sensitive information would have been sent out unencrypted if I hadn't "force quit?" Was it already sent out, encrypted, as soon as I hit "process now, and the warning simply meant that I was leaving an encrypted page (and encryption was no longer necessary?)

Don't know, but I would guess this latter one.

Does this mean it was sent out unencrypted? Since I "force quit" Firefox and the secure page with the popup, does this mean nothing was sent out at all? Since I force quit, I didn't receive any acknowledgment of my submission and don't know if it was transmitted or not.

Has the donation been posted to your bank account or credit card yet? Monday is a holiday in the US, so you may have to wait another day or two to be sure.

Edit: I see you've received an email confirmation for the donation. That sounds normal.

Posted: **Tue Jan 19, 2010 4:44 am**

Thanks Alan.

Posted: **Tue Jan 19, 2010 5:03 am**

kukla wrote:Thanks Alan.

You're welcome, kukla. (And so are Fran and Ollie.)

Posted: **Tue Jan 19, 2010 1:38 pm**

Fran says hi. Ollie's asleep.

InformAction Forums

Using HTTPS/Meaning of Firefox warning?

Using HTTPS/Meaning of Firefox warning?

Re: Using HTTPS/Meaning of Firefox warning?

Re: Using HTTPS/Meaning of Firefox warning?

Re: Using HTTPS/Meaning of Firefox warning?

Re: Using HTTPS/Meaning of Firefox warning?

Re: Using HTTPS/Meaning of Firefox warning?

Re: Using HTTPS/Meaning of Firefox warning?

Re: Using HTTPS/Meaning of Firefox warning?