The link that is sent out in the invoice email should use https, not http.
Even though the insecure link in the email redirects to a secure site, the fact that we have to load an insecure link allows for a man-in-the-middle attack where a hacker posing as the insecure server could redirect to a malicious site instead of the secure Intuit site.
All web traffic should use SSL all the time. Period. Dumb cat videos are encrypted so invoicing sites should absolutely be. Don't even have links.notification.intuit.com listen on port 80 at all.
10 votes
PD shared this idea
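A pre-send check for the problem raised in this idea, as an added example that is not part of the original post or any vendor's code: it lists every link in an HTML email body that would be fetched without TLS, and finds the first cleartext hop in a recorded redirect chain. The function names, hostnames and sample email are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):
    """Collect every URL a mail client could load from an HTML email body."""
    def __init__(self):
        super().__init__()
        self.urls = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name in ("href", "src") and value:
                self.urls.append(value.strip())

def insecure_links(html_body):
    """Return URLs in the body that would be fetched without TLS."""
    collector = LinkCollector()
    collector.feed(html_body)
    flagged = []
    for url in collector.urls:
        parts = urlsplit(url)
        # "http:" is cleartext; "//host/..." inherits the scheme of whatever
        # renders the mail, so it cannot be relied on to be HTTPS either.
        if parts.scheme.lower() == "http" or (not parts.scheme and parts.netloc):
            flagged.append(url)
    return flagged

def first_cleartext_hop(chain):
    """Index of the first non-HTTPS hop in a redirect chain, or None."""
    for i, url in enumerate(chain):
        if urlsplit(url).scheme.lower() != "https":
            return i
    return None

# Constructed sample data (not taken from any real invoice email).
SAMPLE_EMAIL = """
<p>Your invoice is ready.</p>
<a href="http://links.example.test/inv/123">View invoice</a>
<a href="https://pay.example.test/inv/123">Pay now</a>
<img src="//cdn.example.test/logo.png">
<a href="mailto:billing@example.test">Contact us</a>
"""
SAMPLE_CHAIN = ["http://links.example.test/inv/123",
                "https://pay.example.test/inv/123"]

if __name__ == "__main__":
    print(insecure_links(SAMPLE_EMAIL))
    print(first_cleartext_hop(SAMPLE_CHAIN))
```

A chain that ends on an HTTPS page still fails this check when hop 0 is cleartext, which is the case the post describes.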
PD commented
Does anybody even look at these suggestions?