Jump to content
Cruise Critic Community

Take care when using Princess website through Google Chrome

kruisey

By kruisey,
in Princess Cruises

 Share

Recommended Posts

kruisey

kruisey

Posted
Posted

I have just phoned Princess and informed them than when one checks in on Google Chrome to reach ones booking the little yellow triangle appears on the top left hand corner of the screen .When you curse over it it says it is encrypted but certain areas others can read,they can also interfere with it.

This also was the fact with my local Telecommunications Company who I informed.Using Firefox does not seem to have this problem

Link to comment
Share on other sites
RickEk

RickEk

Posted
Posted
I have just phoned Princess and informed them than when one checks in on Google Chrome to reach ones booking the little yellow triangle appears on the top left hand corner of the screen .When you curse over it it says it is encrypted but certain areas others can read,they can also interfere with it.

This also was the fact with my local Telecommunications Company who I informed.Using Firefox does not seem to have this problem

 

I think Chrome is telling you that just certain parts of the screen are encrypted. Elements such as the menu choices across the top, the graphic backgrounds, etc. are being delivered unencrypted. This would be the case for any browser that you're using. Firefox probably isn't reporting it, because it's not really a problem.

Link to comment
Share on other sites
kruisey

kruisey

Posted
  • Author
Posted
I think Chrome is telling you that just certain parts of the screen are encrypted. Elements such as the menu choices across the top, the graphic backgrounds, etc. are being delivered unencrypted. This would be the case for any browser that you're using. Firefox probably isn't reporting it, because it's not really a problem.

 

That folks can tamper and change the web site.

The Telecommunication Company have closed the billing area while handling this on Google.

It is secure until you actually sign in to your own personal booking then the warning appears.

Personally I take no chances.

Link to comment
Share on other sites
afd524

afd524

Posted
Posted

What google chrome is detecting is mixed content meaning there is both secure and non secure links on the webpage. Secure links on these pages are encrypted using AES 256 bit encrypting key meaning hackers have no chance of breaking the key. Under the cruise personalizer all the links that you would use to change your info are showing https meaning they are secure. At the bottom left hand corner of the screen you can see the link for guest check in link.

 

princess%20https%20pic_zpsdoksd0rw.jpg

The link on the bottom on the screen for the purchase a gift card link is not secure.

 

princess%20no%20https_zpsistnuwps.jpg

 

This screen shots were taken on firefox so this happens for all web browsers. If you are concerned about the safety of a link just look at it and if it has a https that means it is safe.

Link to comment
Share on other sites
tbonecopper

tbonecopper

Posted
Posted (edited)

This is actually *really* common with a lot of websites. It's not that your login session is in-secure, it just means something on that page, such as an image or script, was not loaded from the same server as the rest of the secured content, or is 3rd party.

 

For example, websites with Facebook or Twitter integration can trigger that message. The website itself (like Amazon for example) will load from Amazon's servers, over a https secured connection, but the ability to share something from that site on twitter or facebook is not hosted on the same server as the Amazon site. Ergo, elements of the page are insecure. This has no bearing on the encryption of information between Amazon and you... just that one little feature - in this case, to share something, is what's causing the alert.

 

Other sites do this when they use a CDN, content delivery network, which is basically a company who has servers all over the world, close to major geographic areas who deliver things like video and images to visitors closest to that part of the world.... this keeps things on the internet moving quickly, instead of you waiting 5 minutes for a youtube video to buffer. Often the video or image element isn't delivered over a HTTPS connection, due to speed concerns. Encryption causes things to slow down, with media, that's never fun.

 

However, it is worth while to be informed on the topic, as HTTPS doesn't mean you're 100% secure. There are things such as a man in the middle attack which, even over a https session, can compromise your session with the website, malware, and keyloggers as well, which reside on your machine and don't need to intercept and decrypt the "s" in http.

 

If you're curious what on the My Princess portal is causing the insecurity it's this line of code in their site:

 

The page at 'https://book.princess.com/captaincircle/myPrincess.page' was loaded over HTTPS, but is submitting data to an insecure location at 'http://search.atomz.com/search/': this content should also be submitted over HTTPS.

 

It's actually kind of amusing, as Adobe bought Atomz.com some years ago, and it was shut down in March of 2014 if I recall. So the line of code that's causing your browsers to alert to a potential insecurity in the site is the Princess website attempting to communicate with a server on the internet that doesn't really exist. Atomz was a plugin you could install on your web server to allow your visitors to search your site for content. The same way you can search princess.com for "formal night", for example. Princess should really get their web team to remove irrelevant code that points to out of business companies.

 

Source: I work in web hosting, and IT in general. Not saying to implicitly trust me, but things aren't always what they appear to be when a web browser says something's possibly insecure.

Edited by tbonecopper
Link to comment
Share on other sites
kruisey

kruisey

Posted
  • Author
Posted
This is actually *really* common with a lot of websites. It's not that your login session is in-secure, it just means something on that page, such as an image or script, was not loaded from the same server as the rest of the secured content, or is 3rd party.

 

For example, websites with Facebook or Twitter integration can trigger that message. The website itself (like Amazon for example) will load from Amazon's servers, over a https secured connection, but the ability to share something from that site on twitter or facebook is not hosted on the same server as the Amazon site. Ergo, elements of the page are insecure. This has no bearing on the encryption of information between Amazon and you... just that one little feature - in this case, to share something, is what's causing the alert.

 

Other sites do this when they use a CDN, content delivery network, which is basically a company who has servers all over the world, close to major geographic areas who deliver things like video and images to visitors closest to that part of the world.... this keeps things on the internet moving quickly, instead of you waiting 5 minutes for a youtube video to buffer. Often the video or image element isn't delivered over a HTTPS connection, due to speed concerns. Encryption causes things to slow down, with media, that's never fun.

 

However, it is worth while to be informed on the topic, as HTTPS doesn't mean you're 100% secure. There are things such as a man in the middle attack which, even over a https session, can compromise your session with the website, malware, and keyloggers as well, which reside on your machine and don't need to intercept and decrypt the "s" in http.

 

If you're curious what on the My Princess portal is causing the insecurity it's this line of code in their site:

 

The page at 'https://book.princess.com/captaincircle/myPrincess.page' was loaded over HTTPS, but is submitting data to an insecure location at 'http://search.atomz.com/search/': this content should also be submitted over HTTPS.

 

It's actually kind of amusing, as Adobe bought Atomz.com some years ago, and it was shut down in March of 2014 if I recall. So the line of code that's causing your browsers to alert to a potential insecurity in the site is the Princess website attempting to communicate with a server on the internet that doesn't really exist. Atomz was a plugin you could install on your web server to allow your visitors to search your site for content. The same way you can search princess.com for "formal night", for example. Princess should really get their web team to remove irrelevant code that points to out of business companies.

 

Source: I work in web hosting, and IT in general. Not saying to implicitly trust me, but things aren't always what they appear to be when a web browser says something's possibly insecure.

I still would not give my credit card details on a site with that little yellow triangle warning.

Link to comment
Share on other sites
undercat

undercat

Posted
Posted
This is actually *really* common with a lot of websites. It's not that your login session is in-secure, it just means something on that page, such as an image or script, was not loaded from the same server as the rest of the secured content, or is 3rd party.

 

For example, websites with Facebook or Twitter integration can trigger that message. The website itself (like Amazon for example) will load from Amazon's servers, over a https secured connection, but the ability to share something from that site on twitter or facebook is not hosted on the same server as the Amazon site. Ergo, elements of the page are insecure. This has no bearing on the encryption of information between Amazon and you... just that one little feature - in this case, to share something, is what's causing the alert.

 

Other sites do this when they use a CDN, content delivery network, which is basically a company who has servers all over the world, close to major geographic areas who deliver things like video and images to visitors closest to that part of the world.... this keeps things on the internet moving quickly, instead of you waiting 5 minutes for a youtube video to buffer. Often the video or image element isn't delivered over a HTTPS connection, due to speed concerns. Encryption causes things to slow down, with media, that's never fun.

 

However, it is worth while to be informed on the topic, as HTTPS doesn't mean you're 100% secure. There are things such as a man in the middle attack which, even over a https session, can compromise your session with the website, malware, and keyloggers as well, which reside on your machine and don't need to intercept and decrypt the "s" in http.

 

If you're curious what on the My Princess portal is causing the insecurity it's this line of code in their site:

 

The page at 'https://book.princess.com/captaincircle/myPrincess.page' was loaded over HTTPS, but is submitting data to an insecure location at 'http://search.atomz.com/search/': this content should also be submitted over HTTPS.

 

It's actually kind of amusing, as Adobe bought Atomz.com some years ago, and it was shut down in March of 2014 if I recall. So the line of code that's causing your browsers to alert to a potential insecurity in the site is the Princess website attempting to communicate with a server on the internet that doesn't really exist. Atomz was a plugin you could install on your web server to allow your visitors to search your site for content. The same way you can search princess.com for "formal night", for example. Princess should really get their web team to remove irrelevant code that points to out of business companies.

 

Source: I work in web hosting, and IT in general. Not saying to implicitly trust me, but things aren't always what they appear to be when a web browser says something's possibly insecure.

 

Thank you for this insight and thank you OP for this thread! I use different browsers depending on the purpose and computer, and I noticed an error when trying to open my documents (I forget the precise name) in Cruise Personalizer while using Google Chrome. No issue was presented when I opened the same documents in Internet Explorer on a different machine.

 

I use a private VPN when connecting to public WiFi but noticed some odd behavior whilst connected to it recently. I also use certain browser plug-ins (thanks to prior issues, without going into details) which theoretically help the web surfer but adds another layer when requesting web pages and am working to optimize that. My research continues....

Link to comment
Share on other sites
  • 2 weeks later...
kruisey

kruisey

Posted
  • Author
Posted (edited)

PLease take care when using Google Chrome on the Princess site. After you sign in the site is still not completely secure.Mouse on to the little yellow triangle at the top left hand side of the page.I did mention this to Princess several weeks ago but nothing has changed.

Foxfire is safe you will see the little lock on the top left hand side of page.:)

Its up to you I am just letting you know.......Kruisey:)

Edited by kruisey
Link to comment
Share on other sites
satxdiver

satxdiver

Posted
Posted
Thank you for this insight and thank you OP for this thread! I use different browsers depending on the purpose and computer, and I noticed an error when trying to open my documents (I forget the precise name) in Cruise Personalizer while using Google Chrome. No issue was presented when I opened the same documents in Internet Explorer on a different machine.

 

I use a private VPN when connecting to public WiFi but noticed some odd behavior whilst connected to it recently. I also use certain browser plug-ins (thanks to prior issues, without going into details) which theoretically help the web surfer but adds another layer when requesting web pages and am working to optimize that. My research continues....

 

If you see different behaviors between different browsers or different machines, look at your browser parameters as something is different. I would look at the browser security set up and compare values. You can set the security high or low or in between depending on your comfort level. The default security settings of chrome, firefox and IE is different.

 

If chrome gives a warning and IE does not, it does not mean IE is more secure since the warning is not there but rather the security settings of IE is less than the chrome security settings.

Link to comment
Share on other sites
undercat

undercat

Posted
Posted
If you see different behaviors between different browsers or different machines, look at your browser parameters as something is different. I would look at the browser security set up and compare values. You can set the security high or low or in between depending on your comfort level. The default security settings of chrome, firefox and IE is different.

 

If chrome gives a warning and IE does not, it does not mean IE is more secure since the warning is not there but rather the security settings of IE is less than the chrome security settings.

 

Thanks for your feedback! To clarify, I wasn't implying that I think IE is more secure than Chrome simply because it allowed me to access a page Chrome warned me about. I mentioned the different browsers to provide an example of the different behavior exhibited when viewing the same docs using different browsers. I might have been unclear or imprecise about my reasons for relaying my experience when I posted about it - if so, my apologies for any confusion. I agree that the security settings are different on the other computer. I prefer not to use IE (personal preference, not necessarily security-related) but IE is what we have to use on that particular computer.

Link to comment
Share on other sites
peety3

peety3

Posted
Posted
I still would not give my credit card details on a site with that little yellow triangle warning.

That's your prerogative, but it DOES NOT MATTER if you put your credit card details on an insecure page. The only thing that matters is if the "Submit" link is HTTPS. It's the button that actually does anything with your information, not the page you came from.

Link to comment
Share on other sites
kruisey

kruisey

Posted
  • Author
Posted
That's your prerogative, but it DOES NOT MATTER if you put your credit card details on an insecure page. The only thing that matters is if the "Submit" link is HTTPS. It's the button that actually does anything with your information, not the page you came from.

Its just a persons choice.When I sign in on Google and it states its not completely secure,reading within the triangle that outsiders can break in and cause malicious damage I am certainly not going to put my credit card number on sites like that.

Everyone has their personal choice ,and although I may sound ignorant to you would rather not take the chance.

Link to comment
Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
 Share
Go to topic listing
  • Forum Jump
    • Categories
      • Welcome to Cruise Critic
      • Special Event: Q&A with Laura Hodges Bethge, President Celebrity Cruises
      • ANNOUNCEMENT: Set Sail on Sun Princess®
      • Hurricane Zone 2024
      • Cruise Insurance Q&A w/ Steve Dasseos of Tripinsurancestore.com June 2024
      • New Cruisers
      • Cruise Lines “A – O”
      • Cruise Lines “P – Z”
      • River Cruising
      • ROLL CALLS
      • Cruise Critic News & Features
      • Digital Photography & Cruise Technology
      • Special Interest Cruising
      • Cruise Discussion Topics
      • UK Cruising
      • Australia & New Zealand Cruisers
      • Canadian Cruisers
      • North American Homeports
      • Ports of Call
      • Cruise Conversations
×
×
  • Create New...