Chuck contacted AT&T about getting our cable Internet restored last Friday. I contacted them again today and they're clueless: no record of Chuck giving them his cc info last week, so I gave them mine. Of course, the only way to somewhat promptly contact them is using their online chat tool. The browser shows an encrypted sign ... so it's secure, right? I can safely give them my cc info over it? I start sniffing the network on my Linux box.... nope, there goes our whole chat conversation in plain text. Only the applet loaded securely, and then the applet opened an ordinary HTTP connection back to the secure port.