Why is the Dominos Pizza Website not Secure?

  • Thread starter kyphysics
  • Start date
In summary, the Dominos Pizza website is not secure due to several vulnerabilities that have been identified, including weak encryption and outdated security protocols. This puts users' personal information, such as credit card details, at risk of being stolen by hackers. Additionally, the website does not have proper security measures in place to protect against cyber attacks, making it more susceptible to being hacked. As a result, users are advised to proceed with caution when using the Dominos Pizza website and consider alternative methods of ordering their food to ensure the safety of their personal information.
  • #1
kyphysics
676
437

Your connection is not private

Attackers might be trying to steal your information from www.dominos.com (for example, passwords, messages, or credit cards). Link RemovedNET::ERR_CERT_INVALID
I literally ordered from them two days ago. I Googled "Dominos" and clicked the first link, which when hovering over IS an https:// site. . . yet, today when I click that link, Google Chrome shows me the above message with the https:// portion in my URL bar all in red and cross out with a slash.

How is this NOT secure, when the literal URL has https://?
 
Computer science news on Phys.org
  • #2
When you Googled the error, what part of the explanation did you not understand?
 
  • Like
Likes FactChecker
  • #3
After Googling, there seems to be a few things that could be going on. This looks like a good reference.

PS. I do not get an error for the Dominos web site using the Firefox browser
 
  • #4
I get an error like this when connecting to a 3rd party wifi when the login screen fails to load. Where were you when you got this and who's connection were you using?
 
  • Like
Likes WWGD
  • #5
Vanadium 50 said:
When you Googled the error, what part of the explanation did you not understand?
Google isn't going to be able to tell you why a major corporation doesn't have it's act together on customer facing technology.
 
  • Like
Likes WWGD and Wrichik Basu
  • #6
Algr said:
Google isn't going to be able to tell you why a major corporation doesn't have it's act together on customer facing technology.
I do not get that error, so I suspect that it has something to do with his browser, his network, or a temporary problem at Dominos.
 
  • #7
I think that I have seen that error from many sites (even PF) at times when there are network problems or slowdowns. Any of us with flaky Internet communications see many more errors than those with reliable Internet.
 
  • #8
Algr said:
Google isn't going to be able to tell you why a major corporation doesn't have it's act together on customer facing technology.
Who even said that was the case? The error is 'NET::ERR_CERT_INVALID'.
 
  • Like
Likes WWGD and berkeman
  • #9
Vanadium 50 said:
When you Googled the error, what part of the explanation did you not understand?
Do you talk to your wife (if you have one) consistently this way? Your consistent forum rudeness and total disrespect towards me [inappropriate content deleted by moderator]...

As for your question, I don't understand what you're asking, as I never Googled the error.
 
Last edited by a moderator:
  • Like
Likes Wrichik Basu
  • #10
russ_watters said:
I get an error like this when connecting to a 3rd party wifi when the login screen fails to load. Where were you when you got this and who's connection were you using?

anorlunda said:
I think that I have seen that error from many sites (even PF) at times when there are network problems or slowdowns. Any of us with flaky Internet communications see many more errors than those with reliable Internet.
You both may be onto something.
I did have internet connection problems that same night, but not at that exact moment I tried to order from Dominos. I was still able to surf the web elsewhere without that happening (at the time, it was JUST Dominos' website). Albeit, I remember getting a "no connection" message for everything shortly afterwards, I think (like maybe within 15-20 minutes).

I did have an "outage" of internet for about 2 hours. I was using a home laptop with Verizon internet connection. Everything is fine now.
 
  • #11
And yet, the question remains unanswered.
 
  • #12
Vanadium 50 said:
When you Googled the error, what part of the explanation did you not understand?

kyphysics said:
Do you talk to your wife (if you have one) consistently this way? Your consistent forum rudeness and total disrespect towards me...

As for your question, I don't understand what you're asking, as I never Googled the error.

Vanadium 50 said:
And yet, the question remains unanswered.
It's an implied two-part question and kyphysics did in fact answer the first one: Question: Did you google it? Answer: No. Follow-up: do it. And report what you find. And google it first next time too. The fact that you (kyphsics) didn't get that is kind of eye-popping.

I suspect if I were married to V50 and we had kids we would have conflict regarding parenting styles. But on a rudeness scale of 1-10 I rate this about a 3, and as always, the message is exactly on point. @kyphysics I've noticed some improvement, but you have a long way to go in terms of basic adulting. PF does not have a parenting style policy, and teaching adulting is not really part of our mission. It's kind of an unsupported feature, with haphazard implementation. That's why this little conflict hasn't had any sort of resolution.
 
  • Like
Likes phinds, Vanadium 50 and berkeman
  • #13
At least they're not passing your order to their server using GET, as one site I dealt with in the mid-2000s did, before advanced concepts like "If you need a storefront, licence an existing application instead of trying to create your own without a full understanding of the technology" were widely understood.
 
  • #14
I would never give my credit card directly to Dominos. Or similar companies. Average companies do not have the budget nor the expertise, in many cases, to know all security best practices, nor will in many cases the contractor doing their website have it. I try to limit giving my credit card to companies with a large enough incentive to get it right. Mostly, I will only pay an average company these days using one of the big three micropayment services: Paypal, Google Pay or Amazon Pay. Those companies have a fighting chance of having up to date security practices, and they have an incentive to make security a priority. But there are no guarantees; this is just my recommendation for how to minimize the likelihood of getting my credit card stolen.
 
  • #15
harborsparrow said:
I would never give my credit card directly to Dominos. Or similar companies.
I think you make good points. But in the US, credit cards have the advantage of limiting your liability for fraud to $50. The online payers have no such legal burden.
 
  • Like
Likes harborsparrow
  • #16
FYI, I was able to capture the phenomena I was describing. It's caused by connecting to a wifi network with a login page (McDonalds) that doesn't load properly.

Screenshot_20221126-094458_Chrome.jpg
 
  • #17
It seems the letter h is missing from the beginning of the URL. Is that a bad link you can simply report to the webmaster?
 
  • #18
harborsparrow said:
Average companies do not have the budget nor the expertise, in many cases, to know all security best practices
Slightly above average size companies have the habit of failing at this too.

anorlunda said:
limiting your liability for fraud to $50
Most (all?) will cover the $50 too.

BoB
 
  • #19
harborsparrow said:
It seems the letter h is missing from the beginning of the URL. Is that a bad link you can simply report to the webmaster?
It's CNN. I don't know why the link doesn't show up right in the error page, but it doesn't matter. Every link gives the same error.

If it were just a bad link it would give a page not found error, not a security error.
 
  • #20
harborsparrow said:
I would never give my credit card directly to Dominos. Or similar companies. Average companies do not have the budget nor the expertise, in many cases, to know all security best practices, nor will in many cases the contractor doing their website have it. I try to limit giving my credit card to companies with a large enough incentive to get it right. Mostly, I will only pay an average company these days using one of the big three micropayment services: Paypal, Google Pay or Amazon Pay. Those companies have a fighting chance of having up to date security practices, and they have an incentive to make security a priority. But there are no guarantees; this is just my recommendation for how to minimize the likelihood of getting my credit card stolen.
Well, I doubt they will, given they haven't done it by now, despite several companies having had egg in their faces after their sites were hacked and several credit cards were obtained from them.
Could it be someone spoofing the address and for that reason the certificate was not legit?
 
  • #21
WWGD said:
Could it be someone spoofing the address and for that reason the certificate was not legit?
I don't think it has anything to do with the security certificate, moreso the wireless connection being used at the time.

Whenever I'm out and about with my laptop, I create a mobile hotspot with my phone and use the 4G network. I don't tend to connect to open wireless connections (I believe there is a setting within Windows 10/11 that gets the machine to connect to any it finds - I disabled that setting). If I were to connect to a open wireless connection, I would use a VPN.
 
  • Like
Likes WWGD
  • #22
Well, there's too, the Google(it) paradox that searches will only help you if you know enough about it to sift through the 85,000, 000 hits, to filter through the majority garbage results.
 
  • #23
russ_watters said:
FYI, I was able to capture the phenomena I was describing. It's caused by connecting to a wifi network with a login page (McDonalds) that doesn't load properly.

View attachment 318126
I did get a similar message while at Citibank, a couple of years ago. Twice in around 2 weeks.
 
  • #24
anorlunda said:
I think you make good points. But in the US, credit cards have the advantage of limiting your liability for fraud to $50. The online payers have no such legal burden.
Most pizza orders are gonna be in the range of $50, so liability limitation probably doesn't come into play in this specific case. Yes, if you're ordering something worth $3000, maybe. I do know that Paypal has liability control; if you're defrauded, they investigate the case and if it goes your way, you get a full refund. I have had this happen. I had to wait a few weeks for the investigation, but I got $300 back from a fraudulent software sale.
 
  • #25
Another reason to use Paypal, Google Pay or Amazon Pay is, that I'm pretty sure all three provide AI-based fraud detection. I don't know what-all that does but it's very good at spotting fraudulent activity by companies early and nipping it in the bud.
 
  • #26
harborsparrow said:
Most pizza orders are gonna be in the range of $50, so liability limitation probably doesn't come into play in this specific case.
It's not the $50 pizza order that'll get you, it's the $2,000 laptop the disgruntled employee bought using your credit card info.

harborsparrow said:
Yes, if you're ordering something worth $3000, maybe. I do know that Paypal has liability control; if you're defrauded, they investigate the case and if it goes your way, you get a full refund. I have had this happen. I had to wait a few weeks for the investigation, but I got $300 back from a fraudulent software sale.
harborsparrow said:
Another reason to use Paypal, Google Pay or Amazon Pay is, that I'm pretty sure all three provide AI-based fraud detection. I don't know what-all that does but it's very good at spotting fraudulent activity by companies early and nipping it in the bud.

I'll have to look into whether PayPal/google/Apple actually offer anything credit cards don't. I think I've had my credit card/number stolen maybe half a dozen times, but I don't think I've ever been left holding the bag. Not even for $50. Credit card companies are very good at detecting fraud and flagging/halting transactions.
 
  • Like
Likes Vanadium 50
  • #27
Yeah, Google did not invent fraud detection.

When your card has a charge from a place you've never shopped having the merchandise shipped somewhere you've never been, it doesn't take a sophisticated AI to suggest someone give this a closer look.
 
  • Like
Likes russ_watters
  • #28
The point is, that Domino's is going to STORE your card info and the possibility of it getting stolen from a company like Domino's is, in my estimation, astronomically higher than that it would be stolen from Google. So just use a payment service if you can and your CC info won't be scattered all around the world.
 
  • #29
harborsparrow said:
The point is, that Domino's is going to STORE your card info and the possibility of it getting stolen from a company like Domino's is, in my estimation, astronomically higher than that it would be stolen from Google. So just use a payment service if you can and your CC info won't be scattered all around the world.
It depends on the info I think. They aren't allowed to store the CVV number, so if that is used it would help security.

I see at least Paypal and Credit cards separately, dealing with different types of transactions. My understanding is PayPal transactions are effectively cash transactions, so once the transaction is complete your money is gone. Your redress is after-the-fact, to get the money back. With credit cards the money doesn't change hands until later, so the risk in the transaction is lower....which is why credit cards can't be used for riskier transactions but PayPal can.

PayPal is useful for peer-to-peer transactions where you can't use credit cards, as a substitute for cash that provides some protection in what are inherently much, much higher risk transactions. Yes, there is risk of a credit card being stolen from Target, but there's a much, much higher risk that the guy you're buying a bike from in the Target parking lot could be ripping you off via PayPal. And he won't even take Visa.
 
  • #31
harborsparrow said:
I will repeat, Paypal REFUNDED ME $300 when a software seller sent a product that could not be unlocked. It doesn't get much better than that.
To me it is significantly better for the money to never leave my checking account in the first place.

How long did it take to get the money back?
 
  • #32
harborsparrow said:
The point is, that Domino's is going to STORE your card info and the possibility of it getting stolen from a company like Domino's is, in my estimation, astronomically higher than that it would be stolen from Google. So just use a payment service if you can and your CC info won't be scattered all around the world.
After the initial transaction confirms that a credit card is good, the company stores a token issued by the bank which they can then use to authorize future charges to that account. They no longer need your original CC info to do so.

Companies generally don't store your CC info precisely because doing so is a security risk. A hacker that breaks into Domino's system isn't going to get your full credit card number, expiration date, and CVV number. They might get the expiration date and the last four digits of the account number.
 

Related to Why is the Dominos Pizza Website not Secure?

1. Why is the Dominos Pizza Website not Secure?

The Dominos Pizza website may not be secure for a few reasons. One possibility is that the website does not have a valid SSL certificate, which is used to encrypt data and protect sensitive information. Another reason could be that the website has not been properly updated with the latest security measures to protect against cyber attacks.

2. How does an insecure website put my information at risk?

An insecure website can put your information at risk by making it easier for hackers to intercept and access your personal information. This can include your name, address, credit card information, and more. Without proper security measures in place, your data is vulnerable to being stolen and used for malicious purposes.

3. Can I still order pizza from the Dominos website if it's not secure?

Technically, you can still order pizza from the Dominos website if it's not secure. However, it is not recommended as your personal and financial information may be at risk. It is best to use a secure website to protect your sensitive data.

4. Is it safe to enter my credit card information on the Dominos website?

If the Dominos website is not secure, it is not safe to enter your credit card information. This information can be easily intercepted and used for fraudulent purposes. It is important to only enter your credit card information on secure websites that have a valid SSL certificate.

5. How can Dominos improve the security of their website?

Dominos can improve the security of their website by obtaining a valid SSL certificate to encrypt data and implementing other security measures such as firewalls and regular updates. It is also important for them to regularly test their website for vulnerabilities and address any issues that arise.

Similar threads

  • Computing and Technology
Replies
11
Views
1K
  • Computing and Technology
Replies
1
Views
866
  • Feedback and Announcements
Replies
5
Views
426
  • Sticky
  • General Discussion
Replies
0
Views
547
  • Computing and Technology
Replies
1
Views
928
Replies
1
Views
872
Replies
19
Views
964
  • Feedback and Announcements
Replies
3
Views
1K
  • Computing and Technology
Replies
4
Views
3K
  • General Discussion
Replies
9
Views
4K
Back
Top