Secure, Newegg?



  • I'm logged in to my account on Newegg, about to buy the contents of my cart, when I notice this:

    [img]http://heron.xnapid.com/newegg-ssl-wtf.jpg[/img]
    

    Are they even trying?

    Clicking "Checkout" does go to https://secure.newegg.com, but still... if it's named "secure" it should probably be secure.



  • Maybe they get charged for each use of their SSL certificate so want to use it only when absolutely necessary ;)

    Reminds me of the idea one of our managers had to save money. Rather than buy an SSL certificate, they came up with an idea of encrypting all form data in Javascript before submitting it to the server. They even said that it would be more secure, as people wouldn't know how we encrypted the data, so only our own servers would be able to decrypt it. Needless to say, it got designed, implemented on test servers, but scrapped before it made it to production ones as the quality dept has a few "concerns". That caused quite some argument.



  •  So your complaint is that they didn't keep the contents of your cart secret?



  • <.<

     

    >.>

     

    With some of the things I order, I'd definitely want the contents of my cart secret.



  • @JohnWestMinor said:

    With some of the things I order, I'd definitely want the contents of my cart secret.
     

    I really think the sex toy industry could break into the nerd market by naming a dildo "Hard Drive"



  • @dhromed said:

    @JohnWestMinor said:

    With some of the things I order, I'd definitely want the contents of my cart secret.
     

    I really think the sex toy industry could break into the nerd market by naming a dildo "Hard Drive"

    I think a Fleshlight shaped like the Millennium Falcon would sell better.


  • @bstorer said:

    Or maybe the skull of Jar-Jar Binks.
     

    +1,000,000



  • @Heron said:

    Are they even trying?

    Clicking "Checkout" does go to https://secure.newegg.com, but still... if it's named "secure" it should probably be secure.

    If the destination of a Submit goes to a secured page, none of the form data is sent until the SSL connection is opened. So... they're actually technically in the clear here.

    It is ass-awful site design, though. You're right about that.



  • @blakeyrat said:

    @Heron said:
    Are they even trying?

    Clicking "Checkout" does go to https://secure.newegg.com, but still... if it's named "secure" it should probably be secure.

    If the destination of a Submit goes to a secured page, none of the form data is sent until the SSL connection is opened. So... they're actually technically in the clear here.

    It is ass-awful site design, though. You're right about that.

    It's still insecure as hell.  Cookies can be hijacked.  A MITM attack can modify the legit, non-HTTPS response from NewEgg so that the form submits to a phishing site.  For an ecommerce site, there's no excuse for the entire site to not be HTTPS.
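
The two risks raised in the post above (a session cookie that can travel over plain HTTP, and a checkout form delivered over HTTP even though it posts to HTTPS) can be checked mechanically from a captured response. This is an added example, not part of the thread: `audit_response` is a hypothetical helper, the host names, cookie and markup are constructed, and the HSTS check goes slightly beyond what the post names.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class FormCollector(HTMLParser):
    """Collects the action attribute of every <form> in a page."""
    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def audit_response(page_url, headers, body):
    """Return findings for one response; headers is a list of (name, value)."""
    findings = []
    page_is_https = urlsplit(page_url).scheme == "https"
    parser = FormCollector()
    parser.feed(body)
    for action in parser.actions:
        target = urljoin(page_url, action)  # an empty action posts back to the page
        target_is_https = urlsplit(target).scheme == "https"
        if not page_is_https and target_is_https:
            # The form markup itself arrived unauthenticated, so its action
            # could have been rewritten in transit before the user submits.
            findings.append(("form-page-not-https", target))
        elif not target_is_https:
            findings.append(("form-posts-in-clear", target))
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        attrs = [a.strip().lower() for a in value.split(";")[1:]]
        if "secure" not in attrs:  # cookie will also be sent over plain HTTP
            findings.append(("cookie-without-secure", value.split("=", 1)[0].strip()))
    if page_is_https and not any(n.lower() == "strict-transport-security" for n, _ in headers):
        findings.append(("no-hsts", page_url))
    return findings


# Constructed sample: a cart page served over HTTP whose form targets HTTPS.
SAMPLE_URL = "http://shop.example/cart"
SAMPLE_HEADERS = [("Content-Type", "text/html"),
                  ("Set-Cookie", "session=abc123; Path=/; HttpOnly")]
SAMPLE_BODY = ('<html><body><form method="post" '
               'action="https://secure.shop.example/checkout">'
               '<input name="card"></form></body></html>')

if __name__ == "__main__":
    for finding in audit_response(SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY):
        print(finding)
```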



  • @morbiuswilters said:

     

    It's still insecure as hell.  Cookies can be hijacked.  A MITM attack can modify the legit, non-HTTPS response from NewEgg so that the form submits to a phishing site.  For an ecommerce site, there's no excuse for the entire site to not be HTTPS.

    Shit, let's just use HTTPS for everything.  I'd hate to discover that a man in the middle has been surreptitiously altering my browsing experience.  He could have been replacing the images of cats longing for cheeseburgers with entirely different images of cats longing for cheeseburgers!


  • @bstorer said:

    @morbiuswilters said:


    It's still insecure as hell.  Cookies can be hijacked.  A MITM attack can modify the legit, non-HTTPS response from NewEgg so that the form submits to a phishing site.  For an ecommerce site, there's no excuse for the entire site to not be HTTPS.

    Shit, let's just use HTTPS for everything.  I'd hate to discover that a man in the middle has been surreptitiously altering my browsing experience.  He could have been replacing the images of cats longing for cheeseburgers with entirely different images of cats longing for cheeseburgers!

    Or your Nazi propaganda with photos of puppies!



  • @morbiuswilters said:

    @bstorer said:
    Shit, let's just use HTTPS for everything.  I'd hate to discover that a man in the middle has been surreptitiously altering my browsing experience.  He could have been replacing the images of cats longing for cheeseburgers with entirely different images of cats longing for cheeseburgers!
    Or your Nazi propaganda with photos of puppies!
    pesto had what?  I kept seeing puppies and wondered what all the fuss was about.



  • @belgariontheking said:

    I kept seeing puppies and wondered what all the fuss was about.
    Did you try rebooting them?



  • @bstorer said:

    Did you try rebooting them?
     

    I always try to boot a puppy when I see one.



  • @dhromed said:

    @bstorer said:
    Did you try rebooting them?
     

    I always try to boot a puppy when I see one.

    Yeah, but you need to try booting them again.



  • @bstorer said:

    @dhromed said:

    @bstorer said:
    Did you try rebooting them?
     

    I always try to boot a puppy when I see one.

    Yeah, but you need to try booting them again.

    *throws down boot-making tools*

    I'm sick of your demanding attitude; you're a terrible boss!  I quit!



  • @morbiuswilters said:

    @bstorer said:

    @dhromed said:

    @bstorer said:
    Did you try rebooting them?
     

    I always try to boot a puppy when I see one.

    Yeah, but you need to try booting them again.

    *throws down boot-making tools*

    I'm sick of your demanding attitude; you're a terrible boss!  I quit!

    Hey!  You haven't completed your indentured servitude yet!  Get back here!  The Guild will hear about this!  You'll never be a Master Booter!  NEVER!


  • @bstorer said:

    @morbiuswilters said:

    @bstorer said:

    @dhromed said:

    @bstorer said:
    Did you try rebooting them?
     

    I always try to boot a puppy when I see one.

    Yeah, but you need to try booting them again.

    *throws down boot-making tools*

    I'm sick of your demanding attitude; you're a terrible boss!  I quit!

    Hey!  You haven't completed your indentured servitude yet!  Get back here!  The Guild will hear about this!  You'll never be a Master Booter!  NEVER!

    I'll just move to where The Guild has no jurisdiction: Canada!  Then I can Master Boot until I collapse from exhaustion!



  • @morbiuswilters said:

    @bstorer said:

    @morbiuswilters said:

    @bstorer said:

    @dhromed said:

    @bstorer said:
    Did you try rebooting them?
     

    I always try to boot a puppy when I see one.

    Yeah, but you need to try booting them again.

    *throws down boot-making tools*

    I'm sick of your demanding attitude; you're a terrible boss!  I quit!

    Hey!  You haven't completed your indentured servitude yet!  Get back here!  The Guild will hear about this!  You'll never be a Master Booter!  NEVER!

    I'll just move to where The Guild has no jurisdiction: Canada!  Then I can Master Boot until I collapse from exhaustion!

     

    ACT II, SCENE 1

    Morbius lies naked on the floor, unconscious.  His shame is hidden only by a booted puppy.

    Welbog [confused]: What's this, a boot?

    END SCENE



  •  My financial institution does this too. In fact, going to https://secure... redirects you to http://secure...



  • @bstorer said:

    ACT II, SCENE 1

    Morbius lies naked on the floor, unconscious.  His shame is hidden only by a booted puppy.

    Welbog [confused]: What's this, a boot?

    END SCENE

    ACT II, SCENE 2

    Morbius lies naked on the floor, unconscious. A booted puppy scampers in the foreground, and a screen showing an OS/2 desktop is now visible.

    Bstorer enters Morbius. Bstorer enters. Morbius awakes, and groans.

    Bstorer: I say! A Eurofag. I conjecture he must be on one of his [sotto voce] endless holidays. Perhaps that is why he cannot afford a bed! Nor clothes for himself, although I notice his puppy wears boots. How strange! What game is afoot, here?

    Morbius: 'Tis no game, fair American coz, if you have but seen the cost of puppy trainers in these parts.

    END SCENE



  • @davedavenotdavemaybedave said:

    Bstorer enters Morbius.
    Important information from TDWTF Manual of Style: "bstorer"  is never capitalized, not even at the beginning of the sentence.  If you insist on using a capitalized referring to bstorer, you may use "Pesto" for reasons that are beyond the scope of this article.  In addition, "Morbius" should not be capitalized, unless when using his full name of Morbius Q. Q. Wilters.  Additionally, it is recommended but not required that, in lieu of "morbius," he be referred to as "morb" or "morbs," whichever flows better in the given situation.



  • @bstorer said:

    Important information from TDWTF Manual of Style:

    Dress Code for Male Consultants:

    This is the BC default dress code for the USA, and we also have our casual dress code and our non-USA tropical dress code

    • Body Art - Of course our dress code prohibits tattoos.  They can be seen as unprofessional, low-class and ignorant, and at no time may a consultant have a visible tattoo.  Read details about why most corporations prohibit tattoos.  Professional dress code and Tattoos

    • Suit – A suit means a SUIT; sport coats and slacks are not allowed. The suit must be dark blue, gray or charcoal, (except for tropical engagements) be “well tailored”, and have no loose threads, "pills" or "nurdles".

    • Shirt - A crisp white shirt is always required.  French cuffs are optional.  I have seen consultants turned away at the door of banks because of their hot pink dress shirt.

    • Tie - Must be conservative, something a bank VP might wear.

    • Shoes - High quality black lace-up shoes are required, polished to a mirror quality spit-shine.  You would be surprised at how many people judge you by your shoes.  See footwear details below.

    • Accessories - No phony Rolexes, body piercing or earrings.

    • Grooming - All hair, moustaches and beards must be neatly groomed and cologne must be used sparingly. Protruding nasal hair is prohibited, and all tattoos must be fully hidden.  If you have been working all night and have an early morning meeting, you can use an anti-inflammatory hemorrhoid cream (e.g. Preparation H) to quickly shrink those unsightly puffy bags under your eyes.  Just carefully dab the roid cream on your lower eyelids (being careful not to get any in your eyes) and you will look fresh and well-rested.

    • Cologne - Cologne and after-shave are optional, but if used, it must not be so strong as to call attention to yourself in a closed elevator.

    FTFY



  • @davedavenotdavemaybedave said:

    Dress Code for Male Consultants:
     

    I got a pants with those pockets on the side, and a Motorpsycho tshirt.

    Will that do?



  • @davedavenotdavemaybedave said:

    Dress Code for Male Consultants:
    This is bullshit; French cuffs are mandatory.  Dress with class, people; we're not 4chan.



  • @davedavenotdavemaybedave said:

    Protruding nasal hair is prohibited
     

    "So Mr Smith, why exactly were you fired?"

    "Well..."



  •  Our director is pretty down to arse when it comes to dress code: A new employee recently asked this question. The answer was (by the director, in his words) "I don't give a rats ass as long as you do your job." to which the employee asked "Great, so I can come in shorts?" to which the response was "You can come in your boxers for all I care, but you'll probably be laughed at if you do." 

     I think the employee was a bit taken back by that. 



  •  One good thing about where I work is the lack of dress code. It's funny still that some people come in with full-suit-and-tie-regalia one day and sandals and ripped t-shirt the next. Typical is jeans/t-shirt or polo or something similar, just so we don't look total slobs. 

    Newegg layout is subjectively ugly-ish; there's far worse sites out there, and it at least is functional, which is far better than many sites out there. I like buying from them as well, they've always been quick and nice and cheap enough to want to order everything from there in one big batch rather than trying to get the cheapest single items from everywhere around the internet + shipping. Just in case anybody's opinion of newegg may be swayed, haha.

