Secure, Newegg?
-
I'm logged in to my account on Newegg, about to buy the contents of my cart, when I notice this:
[img]http://heron.xnapid.com/newegg-ssl-wtf.jpg[/img]
Are they even trying?
Clicking "Checkout" does go to https://secure.newegg.com, but still... if it's named "secure" it should probably [i]be[/i] secure.
-
Maybe they get charged for each use of their SSL certificate so want to use it only when absolutely necessary ;)
Reminds me of the idea one of our managers had to save money. Rather than buy an SSL certificate, they came up with an idea of encrypting all form data in Javascript before submitting it to the server. They even said that it would be more secure, as people wouldn't know how we encrypted the data, so only our own servers would be able to decrypt it. Needless to say, it got designed, implemented on test servers, but scrapped before it made it to production ones as the quality dept has a few "concerns". That caused quite some argument.
-
So your complaint is that they didn't keep the contents of your cart secret?
-
<.<
>.>
With some of the things I order, I'd definitely want the contents of my cart secret.
-
@JohnWestMinor said:
With some of the things I order, I'd definitely want the contents of my cart secret.
I really think the sex toy industry could break into the nerd market by naming a dildo "Hard Drive"
-
@dhromed said:
I think a Fleshlight shaped like the Millennium Falcon would sell better.
@JohnWestMinor said:
With some of the things I order, I'd definitely want the contents of my cart secret.
I really think the sex toy industry could break into the nerd market by naming a dildo "Hard Drive"
-
@bstorer said:
Or maybe the skull of Jar-Jar Binks.
+1,000,000
-
@Heron said:
Are they even trying?
Clicking "Checkout" does go to https://secure.newegg.com, but still... if it's named "secure" it should probably be secure.
If the destination of a Submit goes to a secured page, none of the form data is sent until the SSL connection is opened. So... they're actually technically in the clear here.
Is it ass-awful site design, though. You're right about that.
-
@blakeyrat said:
@Heron said:
Are they even trying?
Clicking "Checkout" does go to https://secure.newegg.com, but still... if it's named "secure" it should probably be secure.
If the destination of a Submit goes to a secured page, none of the form data is sent until the SSL connection is opened. So... they're actually technically in the clear here.
Is it ass-awful site design, though. You're right about that.
It's still insecure as hell. Cookies can be hijacked. A MITM attack can modify the legit, non-HTTPS response from NewEgg so that the form submits to a phishing site. For an ecommerce site, there's no excuse for the entire site to not be HTTPS.
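
The two risks named in the post above, written as a defender's check. This is an added example, not part of the original thread; the host names, cookie names and finding labels are constructed. It flags a form whose HTTPS target is delivered inside an HTTP page, where the `action` attribute has no integrity protection, and cookies set without the `Secure` attribute.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _FormCollector(HTMLParser):
    """Collects the action attribute of every <form> on a page."""

    def __init__(self):
        super().__init__()
        self.actions = []

    def handle_starttag(self, tag, attrs):
        if tag == "form":
            self.actions.append(dict(attrs).get("action") or "")


def audit_page(page_url, html, set_cookie_headers):
    """Return (label, subject) findings for one page and its Set-Cookie headers."""
    findings = []
    page_is_https = urlsplit(page_url).scheme == "https"
    collector = _FormCollector()
    collector.feed(html)
    for action in collector.actions:
        target = urljoin(page_url, action)  # an empty action posts back to the page
        target_is_https = urlsplit(target).scheme == "https"
        if not target_is_https:
            # Form fields travel unencrypted.
            findings.append(("form-posts-in-clear", target))
        elif not page_is_https:
            # Target is HTTPS, but the page that names it arrived over HTTP,
            # so the action could have been rewritten in transit.
            findings.append(("form-on-http-page", target))
    for header in set_cookie_headers:
        name = header.split("=", 1)[0].strip()
        attrs = {p.strip().split("=", 1)[0].lower() for p in header.split(";")[1:]}
        if "secure" not in attrs:
            # Without Secure the browser also sends this cookie over plain HTTP.
            findings.append(("cookie-without-secure", name))
    return findings


# Constructed sample: a cart page served over HTTP whose checkout form targets HTTPS.
SAMPLE_URL = "http://shop.example/cart"
SAMPLE_HTML = '<form method="post" action="https://secure.shop.example/checkout"></form>'
SAMPLE_COOKIES = ["session=abc123; Path=/; HttpOnly", "prefs=dark; Path=/; Secure"]

if __name__ == "__main__":
    for finding in audit_page(SAMPLE_URL, SAMPLE_HTML, SAMPLE_COOKIES):
        print(finding)
```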
-
@morbiuswilters said:
Shit, let's just use HTTPS for everything. I'd hate to discover that a man in the middle has been surreptitiously altering my browsing experience. He could have been replacing the images of cats longing for cheeseburgers with entirely different images of cats longing for cheeseburgers!
It's still insecure as hell. Cookies can be hijacked. A MITM attack can modify the legit, non-HTTPS response from NewEgg so that the form submits to a phishing site. For an ecommerce site, there's no excuse for the entire site to not be HTTPS.
-
@bstorer said:
@morbiuswilters said:
Shit, let's just use HTTPS for everything. I'd hate to discover that a man in the middle has been surreptitiously altering my browsing experience. He could have been replacing the images of cats longing for cheeseburgers with entirely different images of cats longing for cheeseburgers!
It's still insecure as hell. Cookies can be hijacked. A MITM attack can modify the legit, non-HTTPS response from NewEgg so that the form submits to a phishing site. For an ecommerce site, there's no excuse for the entire site to not be HTTPS.
Or your Nazi propaganda with photos of puppies!
-
@morbiuswilters said:
@bstorer said:
pesto had what? I kept seeing puppies and wondered what all the fuss was about.
Shit, let's just use HTTPS for everything. I'd hate to discover that a man in the middle has been surreptitiously altering my browsing experience. He could have been replacing the images of cats longing for cheeseburgers with entirely different images of cats longing for cheeseburgers!
Or your Nazi propaganda with photos of puppies!
-
@belgariontheking said:
I kept seeing puppies and wondered what all the fuss was about.
Did you try rebooting them?
-
@dhromed said:
@bstorer said:
Yeah, but you need to try booting them again.
Did you try rebooting them?
I always try to boot a puppy when I see one.
-
@bstorer said:
@dhromed said:
@bstorer said:
Yeah, but you need to try booting them again.
Did you try rebooting them?
I always try to boot a puppy when I see one.
*throws down boot-making tools*
I'm sick of your demanding attitude; you're a terrible boss! I quit!
-
@morbiuswilters said:
Hey! You haven't completed your indentured servitude yet! Get back here! The Guild will hear about this! You'll never be a Master Booter! NEVER!
@bstorer said:
@dhromed said:
@bstorer said:
Yeah, but you need to try booting them again.
Did you try rebooting them?
I always try to boot a puppy when I see one.
*throws down boot-making tools*
I'm sick of your demanding attitude; you're a terrible boss! I quit!
-
@bstorer said:
@morbiuswilters said:
Hey! You haven't completed your indentured servitude yet! Get back here! The Guild will hear about this! You'll never be a Master Booter! NEVER!
@bstorer said:
@dhromed said:
@bstorer said:
Yeah, but you need to try booting them again.
Did you try rebooting them?
I always try to boot a puppy when I see one.
*throws down boot-making tools*
I'm sick of your demanding attitude; you're a terrible boss! I quit!
I'll just move to where The Guild has no jurisdiction: Canada! Then I can Master Boot until I collapse from exhaustion!
-
@morbiuswilters said:
@bstorer said:
@morbiuswilters said:
Hey! You haven't completed your indentured servitude yet! Get back here! The Guild will hear about this! You'll never be a Master Booter! NEVER!
@bstorer said:
@dhromed said:
@bstorer said:
Yeah, but you need to try booting them again.
Did you try rebooting them?
I always try to boot a puppy when I see one.
*throws down boot-making tools*
I'm sick of your demanding attitude; you're a terrible boss! I quit!
I'll just move to where The Guild has no jurisdiction: Canada! Then I can Master Boot until I collapse from exhaustion!
ACT II, SCENE 1
Morbius lies naked on the floor, unconscious. His shame is hidden only by a booted puppy.
Welbog [confused]: What's this, a boot?
END SCENE
-
My financial institution does this too. In fact, going to https://secure... redirects you to http://secure...
-
@bstorer said:
ACT II, SCENE 1
Morbius lies naked on the floor, unconscious. His shame is hidden only by a booted puppy.
Welbog [confused]: What's this, a boot?
END SCENE
ACT II, SCENE 2
Morbius lies naked on the floor, unconscious. A booted puppy scampers in the foreground, and a screen showing an OS/2 desktop is now visible.
Bstorer enters Morbius.
Bstorer enters. Morbius awakes, and groans.
Bstorer: I say! A Eurofag. I conjecture he must be on one of his [sotto voce] endless holidays. Perhaps that is why he cannot afford a bed! Nor clothes for himself, although I notice his puppy wears boots. How strange! What game is afoot, here?
Morbius: 'Tis no game, fair American coz, if you have but seen the cost of puppy trainers in these parts.
END SCENE
-
@davedavenotdavemaybedave said:
Important information from TDWTF Manual of Style: "bstorer" is never capitalized, not even at the beginning of the sentence. If you insist on using a capitalized referring to bstorer, you may use "Pesto" for reasons that are beyond the scope of this article. In addition, "Morbius" should not be capitalized, unless when using his full name of Morbius Q. Q. Wilters. Additionally, it is recommended but not required that, in lieu of "morbius," he be referred to as "morb" or "morbs," whichever flows better in the given situation.
Bstorer enters Morbius.
-
@bstorer said:
Important information from TDWTF Manual of Style:
Dress Code for Male Consultants:
This is the BC default dress code for the USA, and we also have our casual dress code and our non-USA tropical dress code.
- Body Art - Of course our dress code prohibits tattoos. They can be seen as unprofessional, low-class and ignorant, and at no time may a consultant have a visible tattoo. Read details about why most corporations prohibit tattoos. Professional dress code and Tattoos
- Suit – A suit means a SUIT; sport coats and slacks are not allowed. The suit must be dark blue, gray or charcoal, (except for tropical engagements) be “well tailored”, and have no loose threads, "pills" or "nurdles".
- Shirt - A crisp white shirt is always required. French cuffs are optional. I have seen consultants turned away at the door of banks because of their hot pink dress shirt.
- Tie - Must be conservative, something a bank VP might wear.
- Shoes - High quality black lace-up shoes are required, polished to a mirror quality spit-shine. You would be surprised at how many people judge you by your shoes. See footwear details below.
- Accessories - No phony Rolexes, body piercing or earrings.
- Grooming - All hair, moustaches and beards must be neatly groomed and cologne must be used sparingly. Protruding nasal hair is prohibited, and all tattoos must be fully hidden. If you have been working all night and have an early morning meeting, you can use an anti-inflammatory hemorrhoid cream (e.g. Preparation H) to quickly shrink those unsightly puffy bags under your eyes. Just carefully dab the roid cream on your lower eyelids (being careful not to get any in your eyes) and you will look fresh and well-rested.
- Cologne - Cologne and after-shave are optional, but if used, it must not be so strong as to call attention to yourself in a closed elevator.
FTFY
-
@davedavenotdavemaybedave said:
Dress Code for Male Consultants:
I got a pants with those pockets on the side, and a Motorpsycho tshirt.
Will that do?
-
@davedavenotdavemaybedave said:
Dress Code for Male Consultants:
This is bullshit; French cuffs are mandatory. Dress with class, people; we're not 4chan.
-
@davedavenotdavemaybedave said:
Protruding nasal hair is prohibited
"So Mr Smith, why exactly were you fired?"
"Well..."
-
Our director is pretty down to arse when it comes to dress code: A new employee recently asked this question. The answer was (by the director, in his words) "I don't give a rat's ass as long as you do your job." to which the employee asked "Great, so I can come in shorts?" to which the response was "You can come in your boxers for all I care, but you'll probably be laughed at if you do."
I think the employee was a bit taken aback by that.
-
One good thing about where I work is the lack of dress code. It's funny still that some people come in with full-suit-and-tie-regalia one day and sandals and ripped t-shirt the next. Typical is jeans/t-shirt or polo or something similar, just so we don't look total slobs.
Newegg layout is subjectively ugly-ish; there's far worse sites out there, and it at least is functional, which is far better than many sites out there. I like buying from them as well, they've always been quick and nice and cheap enough to want to order everything from there in one big batch rather than trying to get the cheapest single items from everywhere around the internet + shipping. Just in case anybody's opinion of newegg may be swayed, haha.