PDA

View Full Version : MotU pre-purchase store is insecure...



Aliss7
02-27-2012, 02:53 PM
... from the viewpoint of the user.

When you click the "pre-purchase now" button, the store window comes up embedded within the underdark website. When you click the "checkout" button where it asks you to enter your personal info and credit card number there is no visual indication through the standard ssl browser cues that this is a secure transaction.

If you "show only this frame" for the checkout screen, you can verify the ssl connection, but you lose the css styling, and the font and background colors happens to be both white here, so the text is invisible (unless you highlight it with select all).

For the few of us that actually care about secure ssl encrypted connections, you guys make it much harder than it should be.

Security. Keep it simple. Please.

Impaqt
02-27-2012, 02:56 PM
... from the viewpoint of the user.

When you click the "pre-purchase now" button, the store window comes up embedded within the underdark website. When you click the "checkout" button where it asks you to enter your personal info and credit card number there is no visual indication through the standard ssl browser cues that this is a secure transaction.

If you "show only this frame" for the checkout screen, you can verify the ssl connection, but you lose the css styling, and the font and background colors happens to be both white here, so the text is invisible (unless you highlight it with select all).

For the few of us that actually care about secure ssl encrypted connections, you guys make it much harder than it should be.

Security. Keep it simple. Please.
SO your complaint is that it doesnt look secure... But it actually is?

uh. thanks.... :rolleyes:

Aliss7
02-27-2012, 03:12 PM
SO your complaint is that it doesnt look secure... But it actually is?

uh. thanks.... :rolleyes:

The point is: how do _you_ know the site is secure?

Impaqt
02-27-2012, 03:24 PM
The point is: how do _you_ know the site is secure?

Because anyone doing electronic credit card transaction online who isnt doing a secure connection would be asking for nothing but trouble nowadays?

Freeman
02-27-2012, 03:27 PM
The point is: how do _you_ know the site is secure?

On Chrome, right-click, select "View Frame Info". Two clicks to verify that it is secure. On Firefox, do the same, only it is in the Frame sub-menu. Again, two clicks is all it takes. On Internet Explorer, right-click and select Properties. Again, two clicks. If you want know for certain that a site is secure, the information is easily obtained through little effort on your part. If it wasn't secure, that would be an issue. The fact that the browser doesn't have an icon indicating it is secure is not.

Aliss7
02-27-2012, 03:35 PM
Because anyone doing electronic credit card transaction online who isnt doing a secure connection would be asking for nothing but trouble nowadays?

So you just implicitly trust any web form when you go to do your credit card transactions with a website. Great.

Aliss7
02-27-2012, 03:39 PM
On Chrome, right-click, select "View Frame Info". Two clicks to verify that it is secure. On Firefox, do the same, only it is in the Frame sub-menu. Again, two clicks is all it takes. On Internet Explorer, right-click and select Properties. Again, two clicks.


Thanks for repeating the info I gave in my OP.



If you want know for certain that a site is secure, the information is easily obtained through little effort on your part.


I should not have to go through two clicks and a shake. The new window frame is unreadable also.



If it wasn't secure, that would be an issue. The fact that the browser doesn't have an icon indicating it is secure is not.

*shakes head* I give up. I'm done.

Impaqt
02-27-2012, 03:40 PM
So you just implicitly trust any web form when you go to do your credit card transactions with a website. Great.

yes. I dont do business with any company that is "Questionable" though. Perhaps you do.

Digital River and Turbine are pretty mainstream, big time companies.... I feel quite comfortable assuming they dont have morons running their online purchases.

Krell
02-27-2012, 04:17 PM
People are used to seeing the https in the URL and usually a Verisign cert verification indicating the connection is encrypted when making on-line purchases. There is nothing wrong with this setting off an alarm to someone when they don't see this and are being asked to enter credit card information. I held off making my purchase until I researched this more. There are enough redirects and spoofed websites that I think it makes sense to exercise extra caution, even if you think you are being taken to a website of a company you are familiar with.

Missing_Minds
02-27-2012, 04:37 PM
yes. I dont do business with any company that is "Questionable" though. Perhaps you do.

Digital River and Turbine are pretty mainstream, big time companies.... I feel quite comfortable assuming they dont have morons running their online purchases.

Although quite honestly, secure? I laugh at that.

Difficult to make it not worth the time of most/the majority of "entities"? Sure.

Osharan_Tregarth
02-27-2012, 04:46 PM
yes. I dont do business with any company that is "Questionable" though. Perhaps you do.

Digital River and Turbine are pretty mainstream, big time companies.... I feel quite comfortable assuming they dont have morons running their online purchases.

Well, hopefully the forums teams are different from the purchase teams.

You do remember that Turbine's LOTR forum databases were compromised last year, right?

Freeman
02-27-2012, 05:50 PM
Thanks for repeating the info I gave in my OP.



I should not have to go through two clicks and a shake. The new window frame is unreadable also.



*shakes head* I give up. I'm done.

Since you obviously didn't read what I posted, what makes you think I repeated anything. The steps I posted didn't change the original frame at all, so using my steps didn't cause any readability issues. Maybe if you didn't give up so fast, you'd actually learn something for a change. Still, if those two clicks are too much for you, I doubt you've bothered reading to this sentence anyway.

Rumbaar
02-27-2012, 06:17 PM
Your point is valid, you think they would have learned from the Offer Wall. That perception is reality.

You can never assume anything online, and Turbine should make it known to it's customers. For peace of mind, at the very least.


Digital River and Turbine are pretty mainstream, big time companies.... I feel quite comfortable assuming they dont have morons running their online purchases.Ha! two words OFFER WALL !!!