Archive for October, 2008



by Kaj Kandler

Today, I re-checked to see if the BBBOnline website is still unsecured.

The good news is, the expired SSL Certificate is gone. Instead the online form which asks all kind of confidential business and personal information is completely unsecured (http:// instead of https://).

BBBOnline Unsecured Business Application

Apparently they BBB is not willing to invest $50-$200 in a SSL Certificate to secure my data I submit to them. Way to go Better Business Bureau!



by Kaj Kandler

My trust in the Better Business Bureau® just got shattered. I always thought of it as a useful and trustworthy institution. Here is why I don’t think of them highly anymore.

I was researching good practices in privacy policies for websites and came across a terrific page by How to craft your privacy policy. It is really well written and I found it very helpful. So I decided to learn more about their BBBOnline Seal program. So far so good.

BBBOnline Seal Apply Now

It hit me in the face, when I did click on the little “Apply now” button at the bottom of the page. The SSL certificate of this terrific site is expired over a month ago.

An expired SSL certificate is more than a glitch, especially expired five and a half weeks. The very company that tries to dispense trust on the Internet can’t manage its trust certificate for a secure transaction? Shame on the webmaster of and shame on the business leaders that have no control mechanism to detect such a vital issue. SSL certificate expired