The (HTTPS) icing on careercake.com


An issue we often disclose is the lack of HTTPS on websites that take user details (for example, email addresses). Why do we do this? Because using HTTPS is important - it ensures that user details stay confidential in transit and are not vulnerable to a 'man-in-the-middle' attack. Without HTTPS it is trivially easy to 'sniff' details as they are sent 'over the wire', and the captured data can then be used for nefarious purposes.

When we noticed that the Careercake.com homepage contained a form to sign up for the newsletter (using an email address) but did not use HTTPS, we got in contact to let them know about it - and how to fix it.
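The kind of check behind this disclosure can be automated. The script below is an added example, not code from the original post or from Careercake: it parses a page's HTML, resolves each form's `action` against the page URL (an empty `action` means the form submits back to the page itself), and flags any form whose submit target is not `https`. The HTML and the `example.invalid` URLs are constructed for the example; in practice you would feed it the fetched homepage and its real URL.

```python
"""Audit the forms on an HTML page and flag any that would submit user data over plain HTTP."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collects each <form> with its action and the names of the fields inside it."""

    def __init__(self):
        super().__init__()
        self.forms = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            # attrs.get() is None for a bare <form action>; treat that like an empty action
            self._current = {"action": attrs.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "textarea", "select") and self._current is not None:
            name = attrs.get("name")
            if name:
                self._current["fields"].append(name)

    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None


def audit_forms(page_url, html):
    """Return one finding per form: resolved submit target, field names, and whether it is HTTPS."""
    parser = FormCollector()
    parser.feed(html)
    findings = []
    for form in parser.forms:
        # urljoin keeps an absolute action as-is, so an http:// action on an https:// page
        # (classic mixed content) is still reported as insecure
        target = urljoin(page_url, form["action"])
        findings.append({
            "target": target,
            "fields": form["fields"],
            "secure": urlsplit(target).scheme == "https",
        })
    return findings


def insecure_forms(page_url, html):
    """Only the forms that would send their fields over plain HTTP."""
    return [f for f in audit_forms(page_url, html) if not f["secure"]]


# Constructed sample: a newsletter sign-up form with no explicit action, and a login form
# that already posts to an https:// endpoint.
SAMPLE_HTML = """
<html><body>
<form action="" method="post">
  <label>Newsletter</label>
  <input type="email" name="email">
  <input type="submit" value="Sign up">
</form>
<form action="https://example.invalid/login" method="post">
  <input type="text" name="username">
  <input type="password" name="password">
</form>
</body></html>
"""

if __name__ == "__main__":
    # Served over plain HTTP, the newsletter form is flagged; the login form is not.
    for finding in insecure_forms("http://example.invalid/", SAMPLE_HTML):
        print(f"INSECURE: {finding['target']} collects {finding['fields']}")
```

Run the same HTML with an `https://` page URL and the relative-action form is no longer flagged, which is exactly the effect of the fix Careercake applied: once the page itself is served over HTTPS, a form with no explicit action follows it.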

The careercake.com logo

We were really pleased by the response - within 24 hours we had been sent a reply: the issue had been acknowledged and passed to the website team for remediation. It was fixed in less than a week, with https://careercake.com proudly sporting a new green padlock in the URL bar. We even got a 'thank you' for our efforts!

HTTPS connection on careercake.com

"This is brilliant - thanks George. I will send this to our design team today! Love that you are looking after us :)"

We think this is an awesome example of a company dealing with a security disclosure in the right way. They acknowledged it, kept us updated on a fix, and then promptly fixed the issue. Great work, guys!
