by jsaundersdev 2381 days ago
The O'Reilly site to buy is not http :yuck:

That's one thing I wish were enforced more than anything. SSL or better for financial transactions online. Surprised it's HTTP. Maybe they redirect once you are actually paying? I have seen that be the case.
It doesn't look like you can buy anything at their shop, they either redirect to Amazon or to their subscription platform (which does use HTTPS).
Redirecting to https is still problematic though.

Let's say your website's homepage only uses http but the login form is over https. You can MiTM the homepage, and change the login link to haX0r.xyz and then proxy the login.

Is that the case here?
They have to, or will quickly find themselves racking up some PCI fines.
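
A defender-side check for the pattern raised in the thread (an HTTP page that links to an HTTPS login), added here as an example and not part of the original discussion. The function names, the keyword list, the 180-day HSTS threshold and the sample HTML are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

SENSITIVE = ("login", "signin", "checkout", "account")  # assumed keywords
MIN_HSTS_SECONDS = 15552000  # 180 days, an assumed policy threshold

class _Links(HTMLParser):
    """Collect link and form targets from a page."""
    def __init__(self):
        super().__init__()
        self.targets = []
    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if value and ((tag, name) in (("a", "href"), ("form", "action"))):
                self.targets.append(value)

def hsts_max_age(headers):
    """Return max-age from Strict-Transport-Security, or None if absent."""
    for name, value in headers.items():
        if name.lower() == "strict-transport-security":
            for part in value.split(";"):
                key, _, val = part.strip().partition("=")
                if key.lower() == "max-age" and val.strip('"').isdigit():
                    return int(val.strip('"'))
    return None

def audit_page(page_url, headers, html):
    """Flag sensitive links whose integrity depends on an unprotected page."""
    findings = []
    scheme = urlparse(page_url).scheme
    parser = _Links()
    parser.feed(html)
    for raw in parser.targets:
        target = urljoin(page_url, raw)
        if not any(k in target.lower() for k in SENSITIVE):
            continue
        t_scheme = urlparse(target).scheme
        if scheme == "http" and t_scheme == "https":
            # The HTTPS target is fine, but the link to it arrives unauthenticated.
            findings.append(("untrusted-link-to-https", target))
        elif t_scheme == "http":
            findings.append(("sensitive-over-http", target))
    if scheme == "https" and (hsts_max_age(headers) or 0) < MIN_HSTS_SECONDS:
        findings.append(("weak-or-missing-hsts", page_url))
    return findings

# Constructed sample page, not taken from any real site.
HOME_HTML = '<a href="https://shop.example/login">Sign in</a><a href="/about">About</a>'
```

Serving the linking page over HTTPS with a long-lived HSTS header clears all three findings for this sample.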